Latvian Hacker Linked to Karakurt Ransomware Group Extradited to US

• A Latvian national living in Moscow was charged with alleged conspiracy to commit money laundering and wire fraud.
• The individual is believed to be an active member of the Russian Karakurt ransomware group.
• He also stands accused of extortion, data theft, and violating the Hobbs Act.

Deniss Zolotarjovs, a 33-year-old Latvian national living in Moscow, Russia, has been charged federally in the U.S. for alleged conspiracy to commit money laundering, wire fraud, and violating the Hobbs Act in connection to a Russian ransomware gang since August 2021, the U.S. Department of Justice (DoJ) said this week.

Zolotarjovs is believed to have been an active member of the cybercrime group, stealing data, extorting victims, and laundering ransom payments. 

Zolotarjovs, also known under the moniker "Sforza_cesarini," was arrested in Georgia in December 2023 and was extradited to the U.S. this month, appearing in the District Court in Cincinnati on August 20. 

A November 2023 complaint filed in the U.S. District Court links the defendant to a data extortion crew tracked as Karakurt, which emerged as a splinter group when Conti was disintegrated in 2022, and he is the first alleged member of Karakurt to be arrested and deported to the U.S.

The 2023 complaint mentioned the messages of Sforza_cesarini on a private “Rocket.Chat” server hosted on a Tor URL revealed the individual negotiated with extortion victims, and his moniker was linked to his real name by the authorities by tracing an Apple iCloud account-registered crypto wallet’s Bitcoin transfers.

In recent news, Belarusian-Ukrainian cybercriminal known online as “J.P. Morgan,” the creator of Reventon running international ransomware campaigns and wire fraud schemes, faces decades in prison in the U.S. after being extradited from Poland on August 9. Two men, a Russian national and a Belarus national, were also arrested in connection to "J.P. Morgan."