US charges alleged member of Russian Karakurt ransomware group

A member of a Russian cybercrime group has been charged in a U.S. court this week with money laundering, financial fraud and extortion, according to a statement by the U.S. Department of Justice (DOJ).

Deniss Zolotarjovs, a 33-year-old Latvian national who lived in Moscow, was arrested by law enforcement in the republic of Georgia in December 2023 and was extradited to the U.S. earlier this month.

According to court documents, Zolotarjovs is linked to the ransomware group Karakurt, which steals victim data and threatens to release it unless a ransom is paid in cryptocurrency.

The group maintains a leak site and auction portal that lists victim companies and offers stolen data for download. The group’s ransom demands have ranged from $25,000 to $13 million in Bitcoin.

Previous reports indicate that Karakurt was linked to the now-defunct ransomware gang Conti. Researchers suggest that Karakurt was a side operation of the group behind Conti, allowing them to monetize data stolen during attacks when organizations were able to block the ransomware encryption process.

Zolotarjovs allegedly operated under the alias “Sforza_cesarini” and was an active member of Karakurt. He is accused of communicating with other members, laundering cryptocurrency, and extorting the group’s victims. According to the DOJ, he is the first alleged member of the group to be arrested and extradited to the U.S.

Court documents link Zolotarjovs to attacks on at least six unnamed U.S. companies.

In one 2021 attack, Karakurt stole “a large volume of private client data,” including medical records, Social Security numbers matched with names, addresses, dates of birth, home addresses, and lab results. Karakurt demanded a ransom payment of approximately $650,000, but the company negotiated it down to $250,000.

Zolotarjovs was likely responsible for conducting negotiations on Karakurt’s “cold case extortions” as well as performing open-source research to identify phone numbers, emails or other accounts through which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group. “Cold case extortions” refer to extortion cases that remain unsolved for an extended period.

“Some of the chats indicated that Sforza’s efforts to revive cold cases were successful in extracting ransom payments,” court documents said.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
