general · TheHackerNews
A U.S. government entity paid approximately $1 million to the group Kairos to prevent the publication of stolen files, according to a case study by Rakesh Krishnan published by Ransom-ISAC. The analysis, based on leaked negotiation chat logs and blockchain records, indicates the victim was Union County, Ohio, which publicly disclosed a data breach in May 2025 affecting 45,487 residents and staff. Evidence in the negotiation records, such as file names referencing Union County and the prosecutors office, aligns with that incident, though neither party has formally confirmed the connection. Notably, Kairos deployed no encryption or file locking—the extortion relied entirely on threatening to publish stolen data. The negotiation lasted approximately one month, opening at a $3 million demand and settling at $1 million after the county countered with progressively higher offers. The payment of approximately 9.44 BTC was traced moving through multiple cryptocurrency wallets toward exchanges including Bybit, OKX, and BELQI.
This case exemplifies a significant shift in extortion tactics away from traditional ransomware encryption. Government entities, healthcare organizations, and other institutions handling sensitive citizen or patient records face growing risk from pure data-theft extortion, which bypasses the technical defenses designed to block encryption-based attacks. For state and local government networks, county health systems, and any organization managing PII at scale, the Kairos case underscores that credential security (the attacker reportedly guessed a password) and network segmentation—isolating legal, HR, and records systems—are now front-line defenses. Agencies and regulated entities should assume that deletion promises from threat actors carry no weight and that paying ransoms does not guarantee data removal. An Omniware engagement can scope vulnerability assessment, segmentation strategy, and incident response planning tailored to your organization's asset profile.
Source: The Hacker News - https://thehackernews.com/2026/07/us-government-entity-paid-kairos-group.htmlSource: TheHackerNewsAll briefings
Source: TheHackerNews
All briefings