DOJ sentenced Deniss Zolotarjovs, 35, of Moscow to 102 months in federal prison on charges of conspiracy to commit money laundering and wire fraud, stemming from a ransomware campaign tied to the Conti gang that extorted more than 54 companies.
Zolotarjovs, a Latvian national arrested in Georgia in December 2023 and transferred to the US, pleaded guilty in July 2025. The operation ran from June 2021 through August 2023 under at least six names: Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira.
For 13 companies, documented losses exceeded $56 million, including about $2.8 million in direct ransom payments. Another 41 victims paid approximately $13 million in ransom. Investigators believe total losses likely reach hundreds of millions, though complete records aren’t available for all victims.
Zolotarjovs handled the pressure campaign. Court documents say he reviewed stolen data, researched victim companies, and pushed organizations slow to pay. When a pediatric healthcare provider refused to pay, he directed others to leak or sell the stolen children’s records, including Social Security numbers and healthcare information, to intimidate future victims. The group’s attacks also forced a government entity’s 911 system offline.
The group worked out of an office in St. Petersburg, used a hierarchical structure with separate teams, and relied on companies across Russia, Europe, and the US to conceal its activity. Much of the membership consisted of former Russian law enforcement officers who used government connections to access databases and recruit.
Assistant Attorney General A. Tysen Duva of DOJ’s Criminal Division said the department won’t stop pursuing international ransomware operators, no matter where they live or operate.
— James Okafor