DOJ Case Says Karakurt Ransomware Gang Leveraged Russian Government Databases; Latvian Operative Gets 102 Months
The U.S.
VERDICT — CONFIRMED

The U.S. Department of Justice detailed a case alleging that the Karakurt ransomware gang—also operating as TommyLeaks and SchoolBoys—relied on access to Russian government databases and law-enforcement connections to intimidate victims, underscoring ties between Russian cybercriminals and the state. Latvian national Deniss Zolotarjovs, who served as a negotiator and money launderer for the group, was sentenced to 102 months (more than eight years) in federal prison after pleading guilty; he was arrested in Georgia in 2023 and extradited to the United States in August 2024.
Prosecutors said Karakurt targeted more than 54 companies and extracted at least $15 million in ransom payments, and that the group's attacks disrupted a U.S. government entity's 911 emergency-dispatch system and used stolen children's health information to increase extortion leverage. According to the DOJ, Karakurt was led by former leaders of the Akira and Conti ransomware operations—figures previously sanctioned by the U.S. Treasury for alleged links to Russian intelligence—and members allegedly used Russian government access and bribery to evade taxes and secure military-service exemptions.
Court filings describe Zolotarjovs as the only member of the organization prosecuted in U.S. court to date, with prosecutors detailing how he escalated pressure on victims who resisted payment, including by threatening to leak stolen pediatric health data. The case is significant for its explicit articulation of cybercriminal-to-state linkages in Russia and for the lengthy U.S. sentence imposed on an extradited operative.