securityaffairs.com 7/4/2026, 5:51:31 PM · external

US Agency Pays $1M to Hackers After Data Theft Extortion

US Agency Pays $1M to Hackers After Data Theft Extortion
Developing story incident 2 articles tracked
US Government Agency Pays $1 Million to Extortion Group Kairos
CyberSIXT Evidence Panel
Primary Source ransom-isac.org
Threat Actor

A U.S. government agency paid $1 million to the data extortion group Kairos, focusing on data theft rather than traditional ransomware, as reported by Ransom-ISAC. Kairos accessed the agency through a brute-force attack and claimed to possess over 1.6 million files, demanding payment to prevent public disclosure. The negotiation lasted 28 days, starting with a $3 million demand, eventually settling at $1 million.

The agency has denied any direct link to ransomware, although initial communications described the incident as such. The report underscores the effectiveness of data-only extortion tactics, which can create substantial pressure even without encryption or operational disruption. The payment was tracked through Bitcoin movements, indicating organized operational methods on Kairos's part.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline