A federal judge sentenced a Latvian national to 102 months in prison for his involvement in a series of ransomware attacks for more than two years prior to his arrest in 2023, the Justice Department said Monday.

Deniss Zolotarjovs, a resident of Moscow at the time, helped an organization led by former leaders of the Conti ransomware group extort payments from more than 54 companies. 

The 35-year-old was mostly tasked with putting pressure on the crew’s victims. In one case, Zolotarjovs urged co-conspirators to leak or sell children’s health records stolen from a pediatric healthcare company and ultimately sent a collection of sensitive data to “hundreds of patients,” according to court records. 

The ransomware crew identified itself in ransom notes under multiple names during Zolotarjovs’ involvement, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, Akira and others. 

Zolotarjov and his co-conspirators extorted nearly $16 million in confirmed ransom payments from their victims. Officials estimate the group’s crimes resulted in hundreds of millions of dollars in losses, not including the psychological and future financial exposure confronting tens of thousands of people whose personal data was stolen.

“Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline,” A. Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division, said in a statement. 

Officials said Zolotarjovs searched for points of leverage after researching victim companies and analyzing stolen data. Many of the victims impacted during his active participation between June 2021 and August 2023 were based in the United States.

Zolotarjov was arrested in the country of Georgia in December 2023 and extradited to the United States in August 2024. He pleaded guilty to money laundering and wire fraud in July 2025. 

“Cybercriminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries,” Dominick S. Gerace II, U.S. attorney for the Southern District of Ohio, said in a statement. “But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”

The Russian ransomware crew was prolific and spread across multiple teams, relying on companies registered in Russia, Europe and the United States to conceal its operations. Authorities said the group included former Russian law enforcement officers whose connections allowed members to access Russian government databases to harass detractors and identify potential new recruits.

Conti was among the most prolific ransomware groups globally for a time, impacting hundreds of critical infrastructure providers, Costa Rica’s government in 2022, and ultimately leading the State Department to offer a $10 million reward for information related to Conti’s leaders. The group was notoriously resilient, bouncing back with new infrastructure and hitting new targets after a massive leak exposed chats between the group’s members in 2022.

Conti disbanded later that year, but members of the Cyrillic-language group rebranded under three subgroups: Zeon, Black Basta and Quantum, which quickly rebranded to Royal, before rebranding again to BlackSuit in 2024.

The post Latvian national sentenced for ransomware attacks run by former Conti leaders appeared first on CyberScoop.

Professional NBA and NFL athletes were allegedly deceived and victimized by a 34-year-old Georgia man’s sneaky social-engineering scheme that he ran while impersonating a well-known adult film star, the Justice Department said Monday.

Kwamaine Jerell Ford allegedly initiated and committed some of the crimes while incarcerated in federal prison for a similar, widespread phishing scam that also targeted college and professional athletes and musical artists starting in 2015. 

“While serving time for stealing credit card numbers from athletes and celebrities to fund his lifestyle, Ford allegedly engaged in the same conduct again,” Theodore S. Hertzberg, U.S. attorney for the Northern District of Georgia, said in a statement.

The alleged repeat offender, while adopting the persona of an adult film model, tricked professional athletes into providing him their iCloud login credentials and multifactor authentication codes for those accounts to steal financial and personally identifiable information to pay for personal expenses.

Ford is accused of executing more than 2,000 unauthorized transactions on professional athletes’ debit and credit cards from November 2020 to September 2024, according to an unsealed indictment. He was in federal custody for the first 14 months of the conspiracy and released on probation for prior crimes in January 2022.

Prosecutors did not name victims, divulge how many athletes Ford allegedly victimized during his latest scheme, or how much money he obtained through the conspiracy. 

He pleaded not guilty Friday to 22 charges for crimes including wire fraud, obtaining information by computer from a protected computer, access device fraud, aggravated identity theft and sex trafficking. Ford is being held without bail pending a trial. 

Using the adult film model’s identity, Ford allegedly enticed his high-profile victims to communicate with him on social media by falsely claiming he would send them adult film content through iCloud.

When a professional athlete responded, Ford allegedly sent phishing messages to the victim designed to look like legitimate Apple customer service text messages. Officials said Ford spoofed legitimate Apple customer service accounts and posed as an Apple customer support representative to request victims’ login details via text messages.

Prosecutors said Ford told his victims the messages contained a video file shared through an iCloud link that required them to reply with an MFA code. Ford allegedly attempted to access his victims’ iCloud accounts at the same time, triggering an MFA code delivery to the victim’s device.

Professional athletes who provided their iCloud MFA codes to Ford were ultimately tricked into giving him complete access to their iCloud accounts, officials said. Ford allegedly used that access to steal sensitive data, driver’s licenses and credit card information that he used for personal spending.

Ford also, while impersonating the adult film star, allegedly victimized an OnlyFans model by claiming he would advance their career. Prosecutors said Ford enticed the OnlyFans model to engage in and record commercial sex acts with professional athletes without their consent. 

“Ford clearly did not learn from his prior conviction for a similar scheme. This time, he allegedly escalated his criminal activity — stealing identities and money while also moving into coercion and sex trafficking,” Peter Ellis, acting special agent in charge at the FBI Atlanta office, said in a statement. 

Ford allegedly advertised the victim to targeted athletes, coordinated their travel to coincide with athletes’ known locations, and negotiated payments from the athletes for sex with the victim. Prosecutors said Ford took a financial cut from those commercial sex acts, many of which the victim was coerced into filming without the athletes’ knowledge. 

Ford is also accused of using these videos from the OnlyFans model to engage with additional athletes under false pretenses. When the OnlyFans model resisted filming the sex acts, Ford allegedly coerced them to send him money in lieu of the videos.

In 2019, Ford was sentenced to three years in prison and ordered to pay restitution of almost $700,000 after he pleaded guilty to computer fraud and aggravated identity theft. That scheme, which also ran for about four years, allowed Ford to hack into more than 100 Apple accounts belonging to high-profile professional athletes and rappers. 

Ford was still in prison for those crimes when he allegedly established a new scheme targeting similar victims on some of the same technology platforms.

You can read the indictment below.

The post Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison appeared first on CyberScoop.

A former federal official who tested and certified voting machines used in Fulton County, Georgia for the 2020 presidential election told a court that the federal government misrepresented key facts and omitted exculpatory public evidence while seeking a warrant in last month’s law enforcement raid.

The raid, carried out by the FBI and overseen by Director of National Intelligence Tulsi Gabbard, saw agents seize ballots and other documentation from the Fulton County election offices. A public affidavit cited five core allegations related to the county’s recordkeeping, electronic ballot image storage,  and election night reporting. Authorities allege these issues point to a potential conspiracy to intentionally manipulate the vote count in favor of Democrat Joe Biden.

Fulton County officials sued the federal government in response, arguing that the affidavit used to obtain a warrant for the raid “does not identify facts that establish probable cause that anyone committed a crime.”

Another filing includes sworn testimony from Ryan Macias, an elections expert who tested and certified the county’s voting machines while at the Election Assistance Commission. In his testimony, Macias told the court that the government’s key claims have already been investigated and have been found to be baseless.  

He said the FBI’s “many individual omissions and misstatements” in its affidavit reflect “gross mischaracterizations” of how elections work and directly contradict the conclusions of multiple prior investigations into the Nov. 2020 election in Fulton County.

“Once the statements and omissions in the Affidavit are corrected and based on my experience administering elections, the Affidavit does not have a substantial basis in reality,” Macias stated.

For instance, the FBI’s affidavit cites the absence of scanned images of all 527,925 ballots for the original count and recount. But Macias, who served as an adviser to Fulton County and witnessed pre and post-election operations in 2020, said this was standard practice.  Jurisdictions typically send only the vote count records from their machines on election night, because ballot images and audit logs are much larger files that can slow down the reporting process.

Macias also notes that the FBI affidavit omits that this issue was already investigated by Republican Secretary of State Brad Raffensperger, who found Georgia election workers weren’t required by law to preserve such images until a state law passed in 2021.

An investigator from Raffensperger’s office later told the Board of Elections that “it was “important to note that ballots can be scanned and tabulated without capturing ballot images,” while general counsel Charlene McGowan testified that ballot images play no role in the vote tabulation process and Fulton County’s paper ballots – counted three times – were the “most important” documents to verify the count.

“These explanations about the storing of ballot images have been publicly available for some time,” Macias noted.

Similarly, the FBI cites instances where some Fulton County ballots were scanned multiple times, claiming it shows evidence of “an intentional tabulation of ballots in a false matter” to make the recount and original vote counts match. The bureau also pointed to small, non-determinative differences between the county’s machine recount and totals from a hand-counted risk-limiting audit.

But the federal government again failed to mention in its petition for a warrant that these claims were “exhaustively” investigated by the Secretary of State’s office, which found the errors were benign, the duplicates weren’t counted, and did not impact the final vote count in the state’s count of the 2020 presidential contest.

According to Macias, the government’s affidavit also contains errors about basic facts about Fulton County’s reporting process. This includes misreporting the correct official vote count and the date and time it was transmitted to state officials for tabulation.

The post Fulton County lawsuit claims feds used ‘gross mischaracterizations’ to justify raid appeared first on CyberScoop.