A Latvian national, Deniss Zolotarjovs, was sentenced to 8.5 years in federal prison for his role as a “cold case” negotiator for the notorious Karakurt extortion gang. The 35-year-old, also known online as “Sforza_cesarini,” received his 102-month sentence on May 4, 2026, in Cincinnati, Ohio, after pleading guilty in July 2025 to conspiring to commit money laundering and wire fraud. His arrest in Georgia, Eastern Europe, in December 2023 and subsequent extradition to the United States in August 2024 mark a significant victory against the sophisticated cybercrime group.
The Karakurt group, operating under aliases like TommyLeaks and SchoolBoys Ransomware, is a Russian cybercrime organization specializing in data extortion. Unlike traditional ransomware outfits that encrypt victim data, Karakurt’s modus operandi involves stealing sensitive information and then leveraging threats of public leakage or auction to extort payment, typically in Bitcoin. Ransom demands from the group have been substantial, ranging from $25,000 to an alarming $13,000,000. Emerging in late 2021, the group is widely believed to have strong ties to the infamous Conti ransomware gang, potentially serving as its dedicated data extortion arm.
The Role of a Karakurt Extortion Gang Negotiator
Zolotarjovs’s specific role within the organization was critical: he served as a “cold case” negotiator, engaging with victims who had initially refused to pay the ransom. His tactics involved meticulous research into targeted companies and a chilling analysis of stolen personal and health information, including highly sensitive children’s health data, all designed to amplify psychological pressure on victims. Online chat logs presented during the investigation clearly demonstrated his direct involvement in ransom negotiations and strategic planning of extortion threats alongside his co-conspirators. It is important to note that Zolotarjovs did not personally execute the initial cyber intrusions.
“Zolotarjovs leveraged highly sensitive personal and health information to exert maximum psychological pressure on victims, turning stolen data into a potent weapon.”
During Zolotarjovs’s active involvement, spanning from June 2021 through March 2023, the Karakurt group claimed at least 53 victims, resulting in documented actual losses exceeding $56 million. The impact of his negotiations was tangible, with one company paying $1.3 million and another $250,000. Victim companies and their clients were spread across the Southern District of Ohio, North America, and Europe. The stolen data frequently included critical client records such as Social Security numbers, addresses, dates of birth, and comprehensive healthcare information. In one particularly egregious instance, the group even managed to force a government entity’s 911 system offline, demonstrating their disruptive capabilities.
Laundering Cryptocurrency and Future Implications
Zolotarjovs received a 10% commission for his efforts, paid in cryptocurrency, which he then laundered through various Russian exchanges. His arrest and extradition represent a significant milestone, as he is the first alleged Karakurt member to face justice in the U.S. This prosecution sends a strong message to cybercriminals operating globally. Following the completion of his 8.5-year federal prison sentence, Zolotarjovs is anticipated to be deported back to Russia. This case underscores the ongoing global effort to combat sophisticated cyber extortion operations and protect businesses and individuals from devastating data breaches and financial losses. For more details on similar incidents, please refer to our related Tech news.




