A member of the Russian Karakurt ransomware group has been charged within the U.S. for cash laundering, wire fraud, and extortion crimes.
An investigation from the FBI uncovered that 33-year previous Deniss Zolotarjovs was a member of the Karakurt extortion operation that compromised firm techniques, stole knowledge, after which demanded a ransom from the victims below the specter of leaking the info publicly or promoting it to different cybercriminals.
The person is a Latvian nationwide who lived in Moscow, Russia. In December 2023 he was arrested in Georgia, Jap Europe, and was extradited to the U.S. earlier this month.
“In accordance with court docket paperwork, Zolotarjovs is a member of a recognized cybercriminal group that assaults laptop techniques of victims world wide,” the U.S. Division of Justice (DoJ) says in a press launch.
“The group maintains a leaks and public sale web site that lists sufferer corporations and provides stolen knowledge for obtain.”
Karakurt ‘chilly case’ negotiator
Though the DoJ didn’t title the ransomware operation, court docket paperwork present the Zolotarjovs’ connection to Karakurt, the place he operated below the alias “Sforza_cesarini.”
Particularly, the FBI has linked Zolotarjovs with at the least six instances of extortion impacting American organizations that occurred between August 2021 and November 2023.
In a kind of instances, a victimized firm paid Karakurt a ransom of greater than $1.3 million. One other sufferer negotiated and paid $250,000 to the menace actor to keep away from having its knowledge leaked.
Zolotarjovs’s position was to barter so-called “chilly case extortions” for the Karakurt operation, when communication after the assault had halted with no ransom being paid.
Zolotarjovs was recognized by way of cryptocurrency tracing, communication evaluation, and knowledge obtained from search warrants executed on Rocket.Chat, linking him to the extortion and cash laundering actions.
Karakurt is a cyber gang that launched operations in mid-2021, focusing fully on knowledge exfiltration and extortion with out deploying any encryption instruments within the assaults.
Between September to November 2021, the group had printed 40 victims on its public leaks web site, 95% of them being based mostly in North America.
In April 2022, Karakurt was uncovered as being a knowledge extortion arm of Conti, a infamous cybercrime syndicate that has since been dismantled.
In June 2022, the U.S. authorities warned victims of Karakurt to not pay a ransom, noting that the hackers would almost definitely promote the info to others anyway, and never delete it as promised.
The subsequent month, Karakurt launched a search device on its leak web site to make it simpler to seek out particular knowledge within the stolen datasets, successfully empowering the blackmail course of and growing the strain on the victims.
Zolotarjovs is the primary Karakurt member to be arrested and extradited to the U.S., and this success may result in the identification and prosecution of extra members sooner or later.
Concerning the potential sentence, every of the talked about crimes incurs a most of 20 years in jail, plus a superb of as much as $500,000 or twice the worth of property concerned within the transaction for conspiracy to commit cash laundering.