A case study by Ransom-ISAC highlights a ransomware attack in which a local government in Ohio paid a $1 million ransom without any files being encrypted. The attackers threatened to publish confidential data, including sensitive records from the county prosecutor's office, claiming to have stolen about two terabytes of information. Initially demanding $3 million, the Kairos group ultimately settled for 9.44 Bitcoins after the victim negotiated down to a lower amount.
Concerns raised include the trust placed in attackers regarding data deletion and the futility of paying ransoms, which doesn't ensure data protection and may fuel further cybercrime.