
Latvian Hacker Sentenced for Role in Former Conti Leaders' Ransomware Extortion Scheme

102 months in federal prison — that is the sentence handed to Deniss Zolotarjovs for his role in a multi-year ransomware campaign that targeted more than 54 companies and, officials say, caused hundreds of millions of dollars in losses.

The conviction, the timeline, and the role attributed to Zolotarjovs

A federal judge sentenced the 35-year-old Latvian national to 102 months after prosecutors said he spent more than two years helping an organization led by former Conti leaders extort payments from victims. The Justice Department said Monday that Zolotarjovs was arrested in Georgia in December 2023, extradited to the United States in August 2024, and pleaded guilty to money laundering and wire fraud in July 2025. Authorities described his principal duty as “putting pressure” on victims — researching companies, analyzing stolen data for leverage, and urging co-conspirators to leak or sell sensitive information.

How the crew operated and the contours of the Conti-linked operation

Prosecutors say Zolotarjovs worked with a Russian-language ransomware crew led by former Conti leaders that operated under many names. During his active participation between June 2021 and August 2023, the group used ransom notes and public-facing identities including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, Akira and others. Authorities described a sprawling, adaptive network that relied on companies registered in Russia, Europe and the United States to conceal operations, and that included former Russian law enforcement officers who leveraged access to government databases to harass targets and identify new recruits.

Conti itself is noted in the record as having been a highly prolific group, responsible for attacks on hundreds of critical infrastructure providers and for the 2022 intrusion into Costa Rica’s government; the State Department later offered a $10 million reward for information on Conti leaders. Conti formally disbanded in 2022, but members rebranded into subgroups — Zeon, Black Basta and Quantum — with Quantum later rebranding to Royal and then to BlackSuit in 2024.

Victims, stolen data, and confirmed payments

Officials said the crew, while Zolotarjovs participated, extorted nearly $16 million in confirmed ransom payments. Many victims were based in the United States. The campaign touched critical services as well as private companies: prosecutors said one government entity had its 911 system forced offline, and that a pediatric healthcare company suffered theft of children’s health records. In that case, court records show Zolotarjovs urged co-conspirators to leak or sell the records and “ultimately sent a collection of sensitive data to ‘hundreds of patients.’”

Beyond confirmed payments, officials estimate the group’s crimes produced hundreds of millions of dollars in losses, not counting the psychological harm and the future financial exposure confronting tens of thousands of people whose personal data was stolen.

What this means for security teams, healthcare providers, and U.S. law enforcement

  • Security teams: The case underscores how ransomware crews use rebranding, multiple aliases, and corporate fronting across jurisdictions to evade detection. The record shows active exploitation of stolen data to create pressure points — security teams should expect threat actors to pair encryption or disruption with tailored extortion and doxxing threats.
  • Healthcare providers: The prosecution highlights the acute risks to patient data and the downstream exposure of families; the pediatric example in the record demonstrates that attackers may deliberately target sensitive health records for public release or resale.
  • U.S. law enforcement: Prosecutors framed the case as evidence of a global investigative reach. “Cybercriminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries,” Dominick S. Gerace II, U.S. attorney for the Southern District of Ohio, said in a statement. “But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”

A closing observation

The sentence of Deniss Zolotarjovs closes one chapter in an elaborate, resilient criminal network that repeatedly adapted its branding and infrastructure after leaks and takedowns. As the Justice Department emphasized, the prosecution combines disruption of an actor who pressured victims and leaked sensitive records with a message about cross-border reach. For the companies and individuals named in the court record — including the pediatric patients whose records were distributed — the material harms and exposure will persist long after the term in prison begins.

Read the original CyberScoop story