A U.S. government entity paid approximately $1 million to avoid the public release of stolen data, highlighting an extortion model where no ransomware was involved. This case underscores the increasing vulnerability of government systems to data theft and extortion threats.
A U.S. government entity paid about $1 million to the group Kairos to prevent the leaking of sensitive files, according to a case study by Rakesh Krishnan for Ransom-ISAC. The incident illustrates an extortion scheme that contrasts with traditional ransomware attacks, which typically involve encrypting files. Instead, Kairos's approach centered on stealing files and threatening to publish them unless a ransom was paid.
The negotiation process lasted about a month, beginning with Kairos demanding $3 million while claiming to hold over 2 terabytes of data, including 1.6 million files. Initial offers by the county started at $100,000, incrementally increasing to $430,000 before settling at $1 million. Kairos utilized typical extortion tactics, including countdown timers and threats to release sensitive information first.
While the victim has not been publicly confirmed, clues point to Union County, Ohio, which in May 2025 reported detecting ransomware on its network. The stolen data included sensitive details on approximately 45,487 residents, indicating a significant breach of personal information.
The payment of roughly 9.44 bitcoins, valued at $1 million at the time, has been traced through multiple cryptocurrency wallets linked to exchanges such as Bybit, OKX, and a Russian service called BELQI. This tracing can assist law enforcement in tracking the movement of funds, though it does not provide specific identities of the perpetrators.
This incident exemplifies the vulnerabilities present in government entities when facing advanced cyber threats. The necessity for improved cybersecurity measures to safeguard sensitive data from extortion is evident in the wake of this case. As extortion models evolve beyond traditional ransomware, entities must adapt their defenses accordingly.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.