A U.S. government agency paid $1 million to the data extortion group Kairos, focusing on data theft rather than traditional ransomware, as reported by Ransom-ISAC. Kairos accessed the agency through a brute-force attack and claimed to possess over 1.6 million files, demanding payment to prevent public disclosure. The negotiation lasted 28 days, starting with a $3 million demand, eventually settling at $1 million.
The agency has denied any direct link to ransomware, although initial communications described the incident as such. The report underscores the effectiveness of data-only extortion tactics, which can create substantial pressure even without encryption or operational disruption. The payment was tracked through Bitcoin movements, indicating organized operational methods on Kairos's part.