US Government Entity Paid $1M to Kairos in Data Theft Extortion

Aggregated by BrevFeed security · updated 1h ago

A U.S. government entity paid approximately $1 million to avoid the public release of stolen data, highlighting an extortion model where no ransomware was involved. This case underscores the increasing vulnerability of government systems to data theft and extortion threats.

Key points

Extortion Through Data Theft

A U.S. government entity paid about $1 million to the group Kairos to prevent the leaking of sensitive files, according to a case study by Rakesh Krishnan for Ransom-ISAC. The incident illustrates an extortion scheme that contrasts with traditional ransomware attacks, which typically involve encrypting files. Kairos's approach instead centered on stealing files and threatening to publish them unless a ransom was paid.

Details of the Negotiation

The negotiation process lasted about a month, beginning with Kairos demanding $3 million while claiming to hold over 2 terabytes of data, including 1.6 million files. Initial offers by the county started at $100,000, incrementally increasing to $430,000 before settling at $1 million. Kairos utilized typical extortion tactics, including countdown timers and threats to release sensitive information first.

Potential Victim: Union County, Ohio

While the victim has not been publicly confirmed, clues point to Union County, Ohio, which in May 2025 reported ransomware detected on its network. The stolen data included sensitive details affecting approximately 45,487 residents, indicating a significant breach of personal information.

Bitcoin Payment Trail

The payment of roughly 9.44 bitcoins, valued at $1 million at the time, has been traced through multiple cryptocurrency wallets linked to exchanges such as Bybit, OKX, and a Russian service called BELQI. This tracing can assist law enforcement in tracking the movement of funds, though it does not provide specific identities of the perpetrators.

Implications for Government Security

This incident exemplifies the vulnerabilities present in government entities when facing advanced cyber threats. The necessity for improved cybersecurity measures to safeguard sensitive data from extortion is evident in the wake of this case. As extortion models evolve beyond traditional ransomware, entities must adapt their defenses accordingly.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Primary sources

CVE-2026-55200 (8.1 HIGH)
CVE-2026-46817 (9.8 CRITICAL)
