US Government Agency Paid $1M to Data Extortion Group Kairos

First seen 4 Jul 2026, 23:18 UTC
Sources: Securityaffairs.Co, Thenextweb, www.bleepingcomputer.com, techcrunch.com, therecord.media


A U.S. government entity reportedly paid $1 million to the Kairos extortion group to prevent the public release of sensitive data. The payment was revealed in a Ransom-ISAC case study, which drew on a leaked negotiation chat and blockchain analysis. The incident appears to involve Union County, Ohio, although neither the county nor Kairos has confirmed this link. The extortion group did not employ traditional ransomware tactics: there was no encryption and no demand for a decryption key. Instead, the group threatened to publish stolen files, including sensitive personal information of approximately 45,487 individuals. The negotiation lasted a month; the initial demand was $3 million, and the parties eventually settled at $1 million. The payment was made in bitcoin and subsequently laundered through various wallets. This case illustrates the evolving nature of ransomware, which increasingly involves extortion without encryption.

Key Points:
• A U.S. government agency paid $1 million to Kairos to prevent data leaks.
• The extortion involved no encryption, focusing instead on keeping stolen files private.
• The incident may be linked to Union County, Ohio, which experienced a data breach affecting over 45,000 individuals.

ThreatCluster AI

Timeline

2025-05-01: Union County detects ransomware on its network
The county discovered ransomware activity and later notified affected individuals about stolen data, including sensitive personal information.
Source: Thenextweb

2025-06-13: Payment of $1 million made to Kairos
The U.S. government agency completed the payment to Kairos after a month-long negotiation, settling from an initial demand of $3 million.
Source: Thenextweb

2026-07-04: Ransom-ISAC case study published
A case study detailing the extortion incident and payment was published, revealing insights into the negotiation and blockchain tracing.
Source: Securityaffairs.Co
