
Feds arrest Latvian man accused of extorting Karakurt victims

The man was extradited to the U.S. this month after being arrested in Georgia in December, prosecutors say.

Federal prosecutors this week charged a Latvian national who was living in Russia for his alleged role in extorting companies targeted by the Karakurt ransomware operation. 

Deniss Zolotarjovs, 33, was arrested in the country of Georgia in December and extradited to the U.S. in August, the U.S. Attorney’s Office in the Southern District of Ohio said in a statement Tuesday.

Zolotarjovs is facing charges of money laundering conspiracy, wire fraud conspiracy, extortion conspiracy and extortion, according to court documents. He appeared in a federal court in Cincinnati on Tuesday.

Karakurt was a data encryption and extortion spinoff from Conti, a once-prolific ransomware operation that wound down in May 2022 after internal materials were leaked in the wake of the group’s administrators’ support for the Russian invasion of Ukraine. Karakurt’s most recent post to its dark web site dates to September 2023, according to eCrime.ch, an online cybercrime research platform.


The FBI was able to unmask Zolotarjovs after a confidential source provided a copy of communications from a private Rocket.Chat server located at a specific dark web address, as well as login credentials for the server, FBI Special Agent Connor Lentz wrote in a Nov. 28, 2023 affidavit. The server contained discussions of Karakurt victims both known and unknown to the FBI, Lentz wrote. 

Cryptocurrency payments discussed in the chats eventually connected the FBI to a cryptocurrency wallet linked to Zolotarjovs.

Additionally, an unnamed “editor of an online cybersecurity news blog” contacted the FBI after an anonymous person approached the blog and said they’d been contacting previous Karakurt victims and asking for money in exchange for deleting private data found while privately investigating the Karakurt group, Lentz wrote. 

The person wanted the editor’s help in convincing the victims to pay the money, either by actively convincing them or publishing the stolen data. The editor refused to help the person, but connected them with the FBI so they could potentially get financial rewards.

Lentz communicated with the person multiple times through a ProtonMail email address, and eventually tied data associated with that address to information previously gathered, which all linked to Zolotarjovs, according to the affidavit.


An attorney for Zolotarjovs could not immediately be identified.
