Latvian Man Sentenced to Over 8 Years for Role in Conti-Linked Ransomware Attacks

A federal judge sentenced a Latvian national to 102 months in prison for his role in a series of ransomware attacks spanning more than two years, the U.S. Department of Justice announced on Monday.

Deniss Zolotarjovs, a 35-year-old resident of Moscow at the time, assisted an organization led by former leaders of the notorious Conti ransomware group in extorting payments from over 54 companies. His primary responsibility involved pressuring victims to comply with ransom demands.

In one documented case, Zolotarjovs instructed co-conspirators to either leak or sell sensitive children’s health records stolen from a pediatric healthcare provider. He later distributed this stolen data to hundreds of patients, according to court records.

The ransomware gang operated under multiple aliases during Zolotarjovs’ involvement, including:

• Conti
• Karakurt
• Royal
• TommyLeaks
• SchoolBoys Ransomware
• Akira

Together, Zolotarjovs and his co-conspirators extorted nearly $16 million in confirmed ransom payments. Authorities estimate the group’s activities caused hundreds of millions of dollars in losses, excluding the long-term financial and psychological harm inflicted on tens of thousands of individuals whose personal data was compromised.

“Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline.”
A. Tysen Duva, Assistant Attorney General, Justice Department’s Criminal Division

Investigators revealed that Zolotarjovs researched victim companies and analyzed stolen data to identify leverage points against targets. Many of the affected organizations were based in the United States during his active involvement, which spanned from June 2021 to August 2023.

Zolotarjovs was arrested in December 2023 in the country of Georgia and extradited to the United States in August 2024. He pleaded guilty to charges of money laundering and wire fraud in July 2025.

“Cybercriminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries. But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”
Dominick S. Gerace II, U.S. Attorney for the Southern District of Ohio

The Russian-led ransomware operation was highly organized, spanning multiple teams and relying on companies registered in Russia, Europe, and the United States to obscure its activities. Authorities disclosed that the group included former Russian law enforcement officers, whose connections granted members access to Russian government databases. These resources were allegedly used to harass critics and recruit new members.

The Conti ransomware group was once one of the most prolific cybercrime organizations globally, targeting critical infrastructure providers, including Costa Rica’s government in 2022. The U.S. State Department responded by offering a $10 million reward for information leading to the identification of Conti’s leaders.

Despite suffering a major setback in 2022 when internal chats were leaked, Conti demonstrated remarkable resilience. The group disbanded later that year but its members regrouped under new aliases, including Zeon and Black.