    U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

    By Admin, July 5, 2026

    A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left.

    The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no sign that it ever locked a single machine: no encryptor, no locker, no demand for a decryption key. The threat was simpler. Steal the files, then charge the victim not to publish them.

    Krishnan does not name the victim, but the chat points to Union County, Ohio. The proof-of-theft files carry names like Union.xlsx, 1 union co psi template.doc, and a final archive called union.rar. The victim calls itself a small county with limited resources. The attacker leans on one folder in particular, marked “prosecutors office,” warning that leaking it would help criminals dodge charges.

    The clues fit a real case. In May 2025, Union County, Ohio, said it detected ransomware on its network and later notified 45,487 residents and staff that their data had been taken, affecting most of the county of roughly 70,000. The stolen records ran from Social Security and financial details to fingerprints and passport numbers.

    Neither the county nor Kairos has confirmed the connection. But if it holds, a county government paid about $1 million it never publicly disclosed. The Hacker News has contacted the Union County Commissioners’ Office for comment. This story will be updated with any response.

    The negotiation ran for about a month. Kairos opened at $3 million and claimed it was holding more than 2 terabytes of data, some 1.6 million files. The county started at $100,000, crept up to $255,000, then $430,000. Kairos dropped to $2 million, then set a hard final number: $1 million, pay by Friday, or the files go public.

    [Image caption: The payment on-chain: about 9.44 BTC lands in the Kairos-linked wallet.]

    It used the usual levers: a countdown timer, tight deadlines, and threats to dump the most sensitive folders first. The county paid on June 13, 2025, ten times its first offer.

    The payment was roughly 9.44 bitcoin, worth about $1 million at the time. Krishnan traced the money from there. Within hours, it was split in two and pushed through a chain of wallets toward deposit addresses tied to the crypto exchanges Bybit, OKX, and a Russian service called BELQI.

    That kind of tracing hands investigators leads, not names. And the money bought nothing solid. Kairos sent over a “proof of deletion” file, but a list of file names shows only that the attacker once had the files, not that the originals were wiped. Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief.

    Union County called what happened to it ransomware, the word everyone reaches for, but in the Kairos case, nothing was locked. That is the real shift: much of what still gets called ransomware now skips encryption and uses the stolen data itself as the pressure point.

    Sophos reported in 2025 that only about half of ransomware attacks still involve any encryption, the lowest rate in six years. Some crews have dropped it entirely. Silent Ransom Group, a Conti offshoot, has spent years running pure data-theft extortion against U.S. law and finance firms with no encryptor at all.

    The Kairos chat fits a familiar negotiation pattern, too. When Black Basta’s internal chats leaked in February 2025, an analysis of the messages turned up a deal that ran from a $1.5 million demand to a $100,000 counter to a $1 million payment, almost the same arc. Those chats, and the Conti leaks before them in 2022, are how researchers now reconstruct the way these bargains actually get struck.

    Kairos itself has gone quiet. The leak site is down, and its last known victim showed up in June 2026. But a wallet tied to the operation was still moving money as recently as May 2026, a reminder that a dark leak site is not the same as a dead crew.

    For anyone running a small government network, the lessons are dull and familiar, which is rather the point. Turn on multi-factor authentication, since Kairos claimed it got in by simply guessing a password.

    Watch for repeated failed logins, large outbound data transfers, and burner file-sharing links like the temp.sh addresses Kairos used to move the files. Keep legal, HR, and citizen records walled off from the rest of the network. Have a public statement plan ready before you need one. And treat any promise to delete stolen data as worth exactly nothing.
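
The three signals named above, as an added detection example run over constructed log lines (not code from the article or the Ransom-ISAC case study). The log format, the thresholds and every host name other than temp.sh are assumptions.

```python
from collections import defaultdict

# Constructed sample events, not data from the case. Hypothetical log format:
#   AUTH  <time> <user> <src_ip> <FAIL|OK>
#   PROXY <time> <src_host> <dest_host> <bytes_out>
SAMPLE_LOG = """\
AUTH 02:10:01 svc_backup 203.0.113.7 FAIL
AUTH 02:10:03 svc_backup 203.0.113.7 FAIL
AUTH 02:10:05 svc_backup 203.0.113.7 FAIL
AUTH 02:10:08 svc_backup 203.0.113.7 FAIL
AUTH 02:10:11 svc_backup 203.0.113.7 FAIL
AUTH 02:10:14 svc_backup 203.0.113.7 OK
AUTH 08:30:00 jdoe 10.0.4.21 FAIL
AUTH 08:30:09 jdoe 10.0.4.21 OK
PROXY 02:41:00 fs01 temp.sh 734003200
PROXY 02:55:00 fs01 temp.sh 912261120
PROXY 09:00:00 ws17 updates.example.org 52428800
PROXY 09:05:00 ws22 files.example.net 3221225472
"""

BURNER_HOSTS = {"temp.sh"}       # the one file-sharing service the article names
FAIL_THRESHOLD = 5               # assumed: failures in a row before a success
EGRESS_THRESHOLD = 1024 ** 3     # assumed: 1 GiB per source/destination pair

def detect(log_text):
    alerts, fails, egress = [], defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                             # skip malformed lines
        kind, ts, a, b, c = parts
        if kind == "AUTH" and c == "FAIL":
            fails[(a, b)] += 1                   # keyed by (user, source IP)
        elif kind == "AUTH" and c == "OK":
            if fails[(a, b)] >= FAIL_THRESHOLD:  # a guessing run that succeeded
                alerts.append(("guessed-password", ts, a, b))
            fails[(a, b)] = 0
        elif kind == "PROXY" and c.isdigit():
            dest = b.lower()
            before = egress[(a, dest)]
            egress[(a, dest)] = before + int(c)
            if dest in BURNER_HOSTS and before == 0:   # first contact only
                alerts.append(("burner-upload", ts, a, dest))
            if before < EGRESS_THRESHOLD <= egress[(a, dest)]:  # crossing point
                alerts.append(("large-egress", ts, a, dest))
    return alerts

for alert in detect(SAMPLE_LOG):
    print(alert)
```

The single mistyped password from jdoe stays quiet, while the 3 GiB transfer from ws22 is flagged even though its destination is not a burner host, so volume alerts still need triage against known backup and sync destinations.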


