A Latvian national has been sentenced to over eight years in prison by a U.S. court for his involvement in a series of ransomware attacks. Deniss Zolotarjovs was convicted for his role within the notorious Karakurt ransomware gang, a group reportedly spearheaded by former leaders of the Akira and Conti ransomware operations. These individuals have previously been sanctioned by the U.S. Treasury due to their alleged ties to Russian intelligence services.

Prosecutors detailed how members of the Karakurt gang specifically targeted U.S. government entities, causing significant disruption to critical infrastructure, including 911 emergency dispatch systems. The group also engaged in the theft of sensitive data, such as children’s health information. Zolotarjovs was identified as being responsible for “escalating pressure” on victims who were reluctant to meet the gang’s demands for ransom payments. The U.S. Justice Department further revealed a critical aspect of the gang’s operations: their alleged reliance on access to Russian government databases and connections within Russian law enforcement to intimidate their targets.

This revelation underscores persistent concerns voiced by security researchers and U.S. officials about the alleged nexus between cybercriminals and the Russian state. For years, the Russian government has been accused of providing a safe haven for malicious hackers and ransomware gangs, often by refusing to extradite citizens implicated in damaging cyberattacks. U.S. authorities have consistently cited the growing threat of ransomware as a top national security challenge.

Beyond external attacks, the Justice Department also indicated that the Karakurt ransomware gang fostered significant corruption within the Russian government itself. These internal ties reportedly enabled the gang’s leaders to evade tax obligations and regularly bribe officials to exempt members from compulsory Russian military service. The gang is believed to have targeted more than 54 companies, coercing victims into paying at least $15 million in ransoms. While Karakurt does not appear to be an an active operation currently, ransomware groups frequently change ownership and names, often as a tactic to circumvent international sanctions. Zolotarjovs was apprehended in Georgia in 2023 and subsequently extradited to the United States in August 2024, where he later entered a guilty plea.