A authorities entity within the US reportedly paid a $1 million ransom to the Kairos cyber extortion group to forestall the general public dissemination of knowledge stolen in a Could 2025 intrusion, Ransom-ISAC experiences.
A leaked negotiation transcript exhibits that the extortion group demanded $3 million in cryptocurrency from the sufferer group, however ultimately settled for $1 million.
Kairos claimed to have stolen over 2 terabytes of information, or roughly 1.6 million recordsdata, after accessing the sufferer’s surroundings in a brute-force assault.
Through the three-week negotiation, the sufferer elevated its supply from $100,000 to $430,000, however ultimately accepted a tough deadline and the $1 million ransom, which was paid in Bitcoin on June 13.
The attackers pressured the sufferer with public publicity, whereas sustaining management of deadlines and proof-of-access artifacts.
“The affected entity’s responses are per a company shopping for time whereas authorized, management, monetary, and communications choices have been coordinated,” Ransom-ISAC notes.
The anti-ransomware group notes that the incident was an extortion assault and didn’t contain file-encrypting ransomware. The attackers’ proof-of-deletion seems selective, not complete, however the listings they supplied are per an actual file-server scrape.
Based on Ransom-ISAC, the supplied proof of deletion may have been generated by erasing a replica of the information, and no mechanism to independently confirm the deletion was supplied.
Ransom-ISAC didn’t identify the affected group, however the negotiation transcript identifies it as “a small county with very restricted sources.”
The affected authorities physique reportedly seems to be Union County, Ohio. In September, the county notified (PDF) 45,487 people that their private data was stolen in a ransomware assault in Could 2025.
The affected data included names, dates of start, driver’s license/state ID numbers, passport numbers, Social Safety numbers, monetary account particulars, fingerprint data, medical data, and fee card particulars.
SecurityWeek has emailed Union County for a press release on the matter and can replace this text if the county responds.
Associated: Aflac Japan Knowledge Breach Impacts 4.38 Million
Associated: Nissan Worker Knowledge Breached in Oracle PeopleSoft Hack
Associated: Insurance coverage Regulators Group NAIC Hit in Oracle PeopleSoft Hack
Associated: Extra Klue Breach Victims Recognized as Hackers Get Hacked









