Summary: A member of the Russian cybercrime group Karakurt, Deniss Zolotarjovs, has been charged in the U.S. with money laundering, financial fraud, and extortion related to ransomware attacks. He is the first alleged member of the group to be extradited to the U.S. and is linked to significant data theft and ransom demands from multiple companies.
Threat Actor: Karakurt
Victim: Various U.S. companies
Key Points:
- Deniss Zolotarjovs, alias “Sforza_cesarini,” was arrested in Georgia and extradited to the U.S. for his role in Karakurt’s ransomware operations.
- Karakurt is known for stealing sensitive data and demanding ransoms ranging from $25,000 to $13 million in Bitcoin.
- Zolotarjovs allegedly engaged in negotiations with victims and conducted research to facilitate extortion efforts.
- He is linked to attacks on at least six unnamed U.S. companies, including a significant data breach in 2021 involving medical records.
- This case marks a notable step in U.S. law enforcement’s efforts to combat ransomware and cybercrime originating from Russia.

A member of a Russian cybercrime group has been charged in a U.S. court this week with money laundering, financial fraud and extortion, according to a statement by the U.S. Department of Justice (DOJ).
Deniss Zolotarjovs, a 33-year-old Latvian national who lived in Moscow, was arrested by law enforcement in the republic of Georgia in December 2023 and was extradited to the U.S. earlier this month.
According to court documents, Zolotarjovs is linked to the ransomware group Karakurt, which steals victim data and threatens to release it unless a ransom is paid in cryptocurrency.
The group maintains a leak site and auction portal that lists victim companies and offers stolen data for download. The group’s ransom demands have ranged from $25,000 to $13 million in Bitcoin.
Previous reports indicate that Karakurt was linked to the now-defunct ransomware gang Conti. Researchers suggest that Karakurt was a side operation of the group behind Conti, allowing them to monetize data stolen during attacks when organizations were able to block the ransomware encryption process.
Zolotarjovs allegedly operated under the alias “Sforza_cesarini” and was an active member of Karakurt. He is accused of communicating with other members, laundering cryptocurrency, and extorting the group’s victims. According to the DOJ, he is the first alleged member of the group to be arrested and extradited to the U.S.
Court documents link Zolotarjovs to attacks on at least six unnamed U.S. companies.
In one 2021 attack, Karakurt stole “a large volume of private client data,” including medical records, Social Security numbers matched with names, addresses, dates of birth, home addresses, and lab results. Karakurt demanded a ransom payment of approximately $650,000, but the company negotiated it down to $250,000.
Zolotarjovs was likely responsible for conducting negotiations on Karakurt’s “cold case extortions” as well as performing open-source research to identify phone numbers, emails or other accounts through which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group. “Cold case extortions” refer to extortion cases that remain unsolved for an extended period.
“Some of the chats indicated that Sforza’s efforts to revive cold cases were successful in extracting ransom payments,” court documents said.
Source: https://therecord.media/us-charges-alleged-karakurt-ransomware-member