Data Security

US government agency pays $1 million to data extortion group Kairos

Cybersecurity hologram and lock circuit, cyberattack and protection

Security Affairs reports that a U.S. government agency paid approximately $1 million in Bitcoin to a threat actor known as Kairos, a group primarily focused on data theft and extortion rather than traditional ransomware deployment.

The incident, detailed in a case study by Ransom-ISAC, involved Kairos gaining access to a U.S. government entity's network, reportedly through a brute-force credential attack. Instead of deploying encryption, Kairos exfiltrated over 1.6 million files, totaling 2 terabytes of data. The group then demanded a ransom not to publish the stolen information. Despite the victim referring to the incident as ransomware, no ransomware sample or encryption capability has been definitively linked to Kairos. The negotiation process lasted 28 days, with Kairos initially demanding $3 million and eventually accepting $1 million.

The victim, identified as a small county government, paid the ransom on June 13, 2025. Blockchain tracing revealed the rapid movement of the funds through various wallets and exchanges. This case highlights a growing trend of data-only extortion tactics, where the threat actor's leverage comes from the potential public exposure of sensitive data rather than operational disruption through encryption.

Source: Security Affairs

You can skip this ad in 5 seconds