- Union County, Ohio, paid roughly $1 million in Bitcoin to the cyber group Kairos to prevent stolen data from being leaked, according to a new case study.
- The attack involved pure data theft without file encryption, reflecting a broader shift where only about half of ransomware attacks now involve locking systems.
- The payment was traced through a chain of wallets to exchanges including Bybit, OKX, and a Russian service, but such tracking provides leads rather than definitive identities.
Union County, Ohio, a local government, paid approximately $1 million to the cyber group Kairos in June 2025 following a major data theft, as detailed in a blockchain analysis. The attackers stole over 2 terabytes of sensitive files, including Social Security numbers and passport details from nearly 45,500 residents. However, Kairos never used ransomware to encrypt the county’s systems, operating instead as a pure data-extortion operation. Consequently, this case exemplifies a modern trend where data theft alone is the primary leverage for extortion.
The negotiation, reconstructed from leaked chats, began with a $3 million demand before settling at the final $1 million figure. Kairos transferred the roughly 9.44 Bitcoin through multiple wallets linked to major crypto exchanges. Meanwhile, the group provided a dubious “proof of deletion” file that merely confirmed prior access to the stolen data. This act highlights the inherent risk in trusting a criminal’s promise to destroy stolen information.
Research from 2025 indicates this non-encrypting method is increasingly common, with groups like the Silent Ransom Group employing similar tactics. The attack’s initial access reportedly came from a simple guessed password, underscoring basic security failures. Therefore, experts recommend multi-factor authentication and monitoring for unusual data transfers as critical defenses. For small governments, the financial and reputational damage from such breaches remains a persistent and costly threat.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
