CINCINNATI — A Latvian man prosecutors call a “skilled and valued negotiator” for a Russian-based ransomware syndicate — who pressured victims by threatening to release stolen medical records, including children’s personal health information — has been sentenced to eight and a half years in federal prison.
Deniss Zolotarjovs, 33, known online as “Sforza_cesarini,” pleaded guilty to conspiracy to commit money laundering and conspiracy to commit wire fraud in connection with cyberattacks on more than 50 companies between June 2021 and August 2023.
Federal prosecutors say Zolotarjovs was part of “Karakurt,” a cybercrime organization tied to former leaders of the infamous Conti ransomware gang and operating out of St. Petersburg, Russia. Members allegedly included former Russian law enforcement officers and relied on corruption and government connections to avoid arrest — and even to recruit new hackers.
The Tri-State connection
The FBI says Karakurt ran “sophisticated” ransomware attacks targeting U.S. companies and local governments, including victims in the Tri-State.
According to a revised sentencing memorandum, Zolotarjovs’ job was to take over communications after the group had stolen sensitive data and issued ransom demands. Rather than immediately locking up systems, Karakurt often first exfiltrated large volumes of data and then leveraged that theft for maximum pressure.
Jason Cromartre, special agent in charge of the FBI Cincinnati, said a person perpetrating an attack will often use cyber methods to "lock up" a computer system.
“More often than not, it’s not just a matter of locking up the system … they’re also trying to extort not only money to unlock the system — which we call decryption — but also to get a payment so that they don’t publicize that," Cromartre said.
In chat logs reviewed by investigators, prosecutors say Zolotarjovs came across as calm, calculated and “ruthless.”
Cromartre said he was “very successful,” responsible for tens of millions of dollars stolen from more than a dozen companies known to law enforcement.
Targeting a children’s healthcare provider
In one attack that stood out in court, involving a pediatric healthcare IT provider known as “Victim Company-6,” Zolotarjovs allegedly studied stolen databases and found personal details about children and their families.
When the company refused to pay the ransom, prosecutors say Zolotarjovs emailed thousands of patients and investors, warning that their Social Security numbers and medical histories would be sold on the dark web.
The company suffered more than $17 million in losses, including legal fees from a class-action lawsuit as a result.
Prosecutors also say Zolotarjovs trained other Karakurt members in extortion tactics and laundered his commission — typically about 10% of each ransom payment — through multiple cryptocurrency wallets before cashing out on Russian exchanges.
Massive losses
The government documented $56,551,689.19 in losses from 13 victims linked to Zolotarjovs’ active participation. That figure does not include dozens of other cases where exact dollar amounts could not be calculated, and prosecutors believe the true total is likely in the hundreds of millions of dollars.
In southern Ohio alone, the FBI tracked more than 70 ransomware attacks in 2025 — a 50% increase from the year before.
WATCH: Officials discuss the significance of Zolotarjovs' sentencing
Sentence and consequences
U.S. District Judge Michael Barrett accepted the government’s recommendation for a stronger sentence than the 48 months Zolotarjovs' defense requested. Zolotarjovs was sentenced to eight and a half years in federal prison.
Once his sentence is complete and as long as he remains in the U.S., he will be under supervised release for three years. The judge ordered restitution matching the documented losses. Zolotarjovs must also pay a $100 special assessment.
During sentencing, Zolotarjovs told the court he was “grateful for this experience” and asked for mercy so he could return to his family in Russia, including two young children.
Defense attorney Igor Litvak told WCPO his client is genuinely remorseful.
“The overall message is people can change,” Litvak said. “Who he was years ago — involved in crime, extorting companies — he’s a completely different person today. He knows he can’t change the past, but the future is in his control, and he wants to spend the rest of his life being a good person.”
Litvak also criticized federal loss calculations, saying they hold defendants responsible for “anticipated” damages that may never materialize.
Only member so far to face justice in U.S.
Zolotarjovs is the first — and so far only — identified Karakurt member to face prosecution in a U.S. court. Federal officials hope the sentencing will send a strong deterrent message.
“Even if they’re thousands of miles away, we will find them,” prosecutors wrote in court filings. “Ransomware is not a victimless crime. It disrupts lives, damages businesses, and puts critical services at risk.”
Cromartre echoed that warning.
“It’s not worth it,” Cromartre said. “Either in terms of public embarrassment, the financial cost, sanctions. … To the criminals themselves, the FBI will be coming for you, no matter where you are. We have partners all over the world, law enforcement and in the private sector.”
Zolotarjovs will likely be deported after serving his sentence. The FBI says its investigation into Karakurt is still active and could lead to additional charges against other members.
If you believe you’ve been the target of a ransomware attack, you can report it to the FBI at ic3.gov, call 1-800-CALL-FBI or submit a tip at tips.fbi.gov.
If you have been a victim of alleged fraud or a ransomware attack, Jay wants to hear from you. You can contact him here:
