Conti ransomware gang member sentenced to 102 months in prison

A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison.

Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a group linked to former members of the Conti ransomware group. Prosecutors said the group used several names in its ransom notes, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira.

Zolotarjovs was arrested in Georgia in December 2023 and later transferred to the US. He pleaded guilty in July 2025 to conspiracy to commit money laundering and wire fraud.

The activity took place between June 2021 and August 2023. During that time, the group stole data from more than 54 organizations, including companies in the United States.

For 13 companies, reported losses exceeded $56 million, including about $2.8 million in ransom payments. Another 41 victims paid about $13 million in ransom, though detailed loss figures are not available. Investigators believe total losses likely reach hundreds of millions of dollars.

According to court documents, Zolotarjovs was responsible for increasing pressure on victims who did not pay quickly. He reviewed stolen data, researched victim companies, and used access to sensitive personal information to push for payment.

Authorities noted that the attacks exposed personal data such as Social Security numbers, dates of birth, and healthcare information.

In one case, Zolotarjovs used stolen children’s health data from a pediatric healthcare provider to try to force payment. When the victim refused to pay, he told others in the group to leak or sell the records to create fear among future victims.

“With this sentence, a cruel, ruthless, and dangerous international cybercriminal is now behind bars,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.

“Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline. He also used stolen children’s health information to increase his leverage to extort victim payments. The Criminal Division will continue to investigate and prosecute international hackers and extortionists from around the world, no matter where they live or operate,” added Duva.

Members of the group were Russian or based in Russia and for a time operated from an office in St. Petersburg, prosecutors stated. The organization used a hierarchical structure with separate teams and relied on companies in Russia, Europe and the US to conceal its activity.

Much of the group consisted of former Russian law enforcement officers who used their connections to access government databases, intimidate critics and recruit new members.