US charges alleged member of Russian Karakurt ransomware group

A member of a Russian cybercrime group has been charged in a U.S. court this week with money laundering, financial fraud and extortion, according to a statement by the U.S. Department of Justice (DOJ).

Deniss Zolotarjovs, a 33-year-old Latvian national who lived in Moscow, was arrested by law enforcement in the republic of Georgia in December 2023 and was extradited to the U.S. earlier this month.

According to court documents, Zolotarjovs is linked to the ransomware group Karakurt, which steals victim data and threatens to release it unless a ransom is paid in cryptocurrency.

The group maintains a leak site and auction portal that lists victim companies and offers stolen data for download. The group’s ransom demands have ranged from $25,000 to $13 million in Bitcoin.

Previous reports indicate that Karakurt was linked to the now-defunct ransomware gang Conti. Researchers suggest that Karakurt was a side operation of the group behind Conti, allowing them to monetize data stolen during attacks when organizations were able to block the ransomware encryption process.

Zolotarjovs allegedly operated under the alias “Sforza_cesarini” and was an active member of Karakurt. He is accused of communicating with other members, laundering cryptocurrency, and extorting the group’s victims. According to the DOJ, he is the first alleged member of the group to be arrested and extradited to the U.S.

Court documents link Zolotarjovs to attacks on at least six unnamed U.S. companies.

In one 2021 attack, Karakurt stole “a large volume of private client data,” including medical records, Social Security numbers matched with names, addresses, dates of birth, home addresses, and lab results. Karakurt demanded a ransom payment of approximately $650,000, but the company negotiated it down to $250,000.

Zolotarjovs was likely responsible for conducting negotiations on Karakurt’s “cold case extortions” as well as performing open-source research to identify phone numbers, emails or other accounts through which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group. “Cold case extortions” refer to extortion cases that remain unsolved for an extended period.

“Some of the chats indicated that Sforza’s efforts to revive cold cases were successful in extracting ransom payments,” court documents said.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
