U.S. Court Sentences Latvian Hacker: Ransomware Gang Tapped Into Russian Government Databases

A recent U.S. Department of Justice (DOJ) ruling has spotlighted a disturbing connection between cybercriminals and the Russian state. A federal court sentenced Latvian national Deniss Zolotarjovs to over eight years in prison for his role in ransomware attacks carried out by the Karakurt gang. This case reveals how the ransomware gang allegedly accessed Russian government databases and law enforcement networks to intimidate victims.

The Karakurt Gang and Its State Ties

According to the DOJ, Zolotarjovs worked for Karakurt, a group led by former leaders of the Akira and Conti ransomware gangs. These leaders were previously sanctioned by the U.S. Treasury for links to Russian intelligence. Prosecutors detailed how the gang used access to Russian government databases to gather information on victims, amplifying their threats.

Building on this, the DOJ statement emphasized that the gang “fueled corruption” within the Russian government. Members paid bribes to officials to avoid taxes and military service, while the state provided a protective shield against Western law enforcement.

How Russian Databases Were Used

Security researchers have long warned that Russian state agencies often turn a blind eye to cybercriminals. The Karakurt case goes further, showing active collaboration. The gang reportedly exploited law enforcement connections to pressure victims into paying ransoms, disrupting critical U.S. systems like 911 emergency dispatch and stealing children’s health data.

In addition, the DOJ noted that the gang targeted over 54 companies, extracting at least $15 million in ransom payments. This level of success would be impossible without state complicity, experts argue.

Zolotarjovs’ Role and Sentencing

Zolotarjovs was responsible for “escalating pressure” on victims who refused to pay. He was arrested in Georgia in 2023, extradited to the U.S. in August 2024, and later pleaded guilty. His eight-year sentence reflects the severity of the attacks, which included data theft and service disruptions.

However, this case is just one piece of a larger puzzle. U.S. officials have repeatedly labeled Russia a “safe haven” for cybercriminals, citing the threat from ransomware as a top national security challenge. The Russian Foreign Ministry did not respond to requests for comment.

Broader Implications for Cybersecurity

This verdict underscores the urgent need for international cooperation against cybercrime. While Karakurt is no longer active—some operations change names to evade sanctions—the model persists. The DOJ’s findings highlight how state-backed cybercrime networks can operate with impunity.

To learn more about protecting your organization, explore our guide on ransomware prevention strategies. Additionally, understanding state-sponsored cyber threats can help businesses stay resilient.

Conclusion

The sentencing of Deniss Zolotarjovs marks a rare win against a ransomware ecosystem deeply entangled with the Russian state. Yet, as the DOJ revealed, the gang’s access to Russian government databases shows how cybercriminals continue to exploit state resources. This case serves as a stark reminder: ransomware is not just a technical problem—it’s a geopolitical one.