Government Pays $1 Million to Kairos in Data Theft Extortion Settlement

The $1 Million Payment to Prevent Stolen Files Leak

An undisclosed U.S. government entity made a payment of approximately $1 million to prevent stolen files from being exposed, as revealed in a recent investigation by Rakesh Krishnan for Ransom-ISAC. The transaction was traced through a leaked negotiation chat and the blockchain, shedding light on the unusual tactics employed by the group known as Kairos.

Despite its self-identification as Kairos, there is no evidence to suggest that the group operates as a typical ransomware gang. Instead of encrypting or locking files, Kairos opted to steal sensitive data and demand payment to refrain from publishing it.

While the victim remains unnamed in the report, indications point towards Union County, Ohio. The stolen files, such as Union.xlsx and 1 union co psi template.doc, were linked to the county’s prosecutors’ office. In May 2025, Union County reported a ransomware attack that compromised the data of over 45,000 individuals, including Social Security numbers and passport details.

The negotiation between Kairos and the county spanned a month, with the demand starting at $3 million and ultimately settling at $1 million. The payment, made in bitcoin, was equivalent to around $1 million at the time.

The payment on-chain: about 9.44 BTC lands in the Kairos-linked wallet.

Following the payment, the bitcoin was traced to various wallets and crypto exchanges, highlighting the challenges of tracking such transactions. Kairos provided a “proof of deletion” file, but the extent of data removal was uncertain.

Although Union County described the incident as ransomware, it did not involve file encryption. This departure from traditional ransomware tactics underscores a shift in cyber extortion strategies, with data theft becoming a primary leverage point.

Similar negotiation patterns have been observed in other cyber extortion cases, indicating a standardized approach among threat actors. Maintaining robust cybersecurity measures, such as multi-factor authentication and data segmentation, is crucial for mitigating such risks.

While Kairos may have faded from the spotlight, the lingering threat of data breaches underscores the importance of proactive security measures for organizations and government entities alike.
