Understanding the $1 Million Payment to Cyber Extortionists
A recent Ransom-ISAC case study revealed that a U.S. government entity paid approximately $1 million to a group known as Kairos. The payment was made to protect sensitive data taken during a breach, even though the hackers never locked a single file. The report, based on leaked negotiation chats and blockchain analysis, points towards Union County, Ohio, but neither the county nor Kairos has confirmed this connection.
Why Did They Pay?
The negotiation process reportedly lasted about a month, kicking off with Kairos demanding $3 million for the nearly 1.6 million files they had stolen. In a dramatic back-and-forth, the county's initial counteroffer of $100,000 gradually increased to a final payment of $1 million. This payment was made in mid-June 2025, using roughly 9.44 bitcoins, demonstrating how cybercriminals are adept at laundering cryptocurrency through various exchanges. While Kairos provided a "proof of deletion" file as part of the deal, skeptics argue that this is only flimsy evidence that the data was actually destroyed.
The Changing Landscape of Ransomware
This incident highlights a concerning trend in ransomware attacks. Traditionally, ransomware involves encryption, where attackers lock files and demand payment for decryption. However, as reported by Sophos, only about 50% of such attacks now involve encryption—down from 70% a year earlier. In this scenario, the actual data theft served as the leverage against the county, increasing pressure without the typical ransomware tactics of locking files.
A Greater Threat to Local Governments
The events in Union County are particularly significant because of their broader implications for local governments. Historically thought to be safe from high-stakes attacks, smaller governmental bodies are increasingly targeted for their sensitive data and limited cybersecurity resources. In 2025 alone, over 60 U.S. government entities reported ransomware attacks.
Lessons Learned
The Union County incident serves as a stark reminder that no organization, regardless of size, is immune to ransom threats. Strengthening cybersecurity measures, including regular staff training and updated technology infrastructure, becomes vital to safeguarding sensitive information. Local agencies must learn from these occurrences and develop robust cybersecurity strategies as a matter of priority to protect public trust and data integrity.
Conclusion: Preparation is Key
This case highlights the need for vigilance and preparedness in the face of evolving cyber threats. As the tactics of cybercriminals change, so too must the strategies employed by local governments and organizations to mitigate risks. Effective, proactive measures can make a significant difference in preventing future incidents, ensuring public safety, and maintaining trust among community members.