U.S. County Pays $1 Million Ransom to Prevent Data Leak

U.S. County Pays $1 Million After Kairos Ransomware Threatens Data Leak | CyberPro Magazine

Key Takeaways

  • A U.S. government entity paid $1 million to block data leaks.
  • The extortionist group Kairos stole files without deploying any encryption software.
  • Security experts urge stronger multi-factor authentication to prevent similar network compromises.

Government Entity Pays Kairos Ransomware To Secure Stolen Files

A U.S. government entity, identified through research as Union County, Ohio, paid approximately $1 million in bitcoin to prevent a criminal group from publicly releasing sensitive stolen records.

The payment was made on June 13, 2025, following a month of high-stakes negotiations between the county and a group calling itself Kairos Ransomware. Unlike traditional ransomware attacks, the group did not encrypt the county’s systems or lock files but instead threatened to dump 2 terabytes of confidential information unless the ransom was met.

The stolen data reportedly included Social Security numbers, financial details, and internal documents from the local prosecutor’s office. Researchers discovered the breach details through a leaked negotiation chat and blockchain analysis, which showed the county ultimately paid 9.44 bitcoin to stop the threatened data dump.

Shift In Extortion Tactics Targets Vulnerable Networks

Cybersecurity analysts note that Kairos represents a growing trend of ‘pure’ data-theft extortion. By abandoning file encryption, these actors avoid triggering traditional security alarms that monitor for bulk file modification, allowing them to remain undetected within a network for longer periods.

“This group operates more like a digital burglar than a traditional Kairos Ransomware gang,” said Rakesh Krishnan, a cybersecurity researcher with Ransom-ISAC who analyzed the case. “They steal the valuables and demand payment for silence, knowing that sensitive government data is a toxic asset that victims cannot afford to see published.”

The extortionists specifically leveraged the presence of a ‘prosecutor’s office’ folder to pressure the county, claiming that the release of those records would help criminals avoid legal charges. This psychological pressure, combined with tight deadlines and countdown timers, pushed the county to increase its initial $100,000 offer to the final $1 million demand.

Authorities Highlight Need For Improved Digital Security

Despite the payment, experts caution that victims have no guarantee that their stolen data was actually destroyed. The payment only provides the thief’s word that files have been deleted, creating a significant risk for the county if the stolen records appear elsewhere in the future.

“Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief,” another security analyst noted. “Organizations with limited resources must prioritize defensive measures, such as multi-factor authentication, to ensure they do not become the next target for these extortionists.”

While the county has not publicly confirmed the incident, records indicate that it disclosed a security event in May 2025. Union County officials have yet to respond to requests for comment regarding the specific payment or the current status of the affected data.

Visit CyberPro Magazine for the latest business and technology insights.

LinkedIn
Twitter
Facebook
Reddit
Pinterest