Advertisement
Cyber Crime

When Local Government Surrenders to Seven-Figure Extortion Demands

An unnamed county allegedly bypassed federal guidance, paying a $1 million ransom to digital extortionists without any proof of data deletion.

·5 hours ago·3 min read
data security, digital extortion, government office, cyber crime
Photo by Picsum Photos on Unsplash
Advertisement

When a local government entity faces a sophisticated digital extortion campaign, the pressure to maintain public services often clashes with long-standing security advice against funding criminal operations. Recent evidence suggests one American county navigated this high-stakes dilemma by opting to pay a significant sum to a group known as Kairos, potentially setting a concerning precedent for how public agencies handle data-theft crises.

The Anatomy of a Secret Payment

The situation surfaced through a case study examining leaked negotiation transcripts that detail a tense exchange occurring throughout May and June 2025. While the specific victim remains officially unidentified, internal communications reveal a desperate plea from the agency, which claimed to be a small county with limited financial flexibility. The attackers, operating under the name Kairos, initially sought a payout of $3 million to withhold the publication of over 2 TB of exfiltrated data.

As the dialogue progressed, the county attempted to leverage its constrained budget, initially offering $100,000 before incrementally increasing the bid. The final settlement of $1 million was reached on June 9, 2025, after the county requested specific deliverables to ensure their sensitive information would not surface on the dark web.

“We have reviewed the situation with our leadership and financial teams. As a small county with very limited resources, we simply do not have the ability to meet the amount you have proposed. That said, we understand the seriousness of the matter and want to work toward a resolution. The most we have been able to identify at this time is $100,000. We respectfully ask that you consider this offer.”

The Verification Gap

A critical point of failure in this transaction was the lack of technical assurance regarding the data's fate. While Kairos provided a digital file they purported to be proof of deletion, the reality remains that there is no verifiable mechanism to ensure that the 1.6 million files stolen were actually destroyed. The attackers simply provided a verbal guarantee that they would neither leak the information nor target the victim again.

The incident mirrors disclosure documents from Union County, Ohio, which reported a security event involving unauthorized access between May 6, 2025 and May 18, 2025. Although the county acknowledged the theft of sensitive identifiers including Social Security numbers and medical records, it did not explicitly confirm the payment of a $1 million ransom.

  • $1 million: The final amount transferred to the extortionists.
  • 2 TB: The total volume of data claimed to have been stolen.
  • 1.6 million: The total number of files involved in the breach.
  • $430,000: The amount the county proposed before the final settlement.

The Perils of the Ransom Loop

For organizations, the core danger is that paying does not end the risk of secondary extortion. By fulfilling the demand, the agency potentially marked itself as a viable target for future attacks, either by the same group or other actors who obtain the leaked data. Despite federal warnings from entities like the FBI and CISA, the disparity in state-level regulations—such as prohibitions in North Carolina and Florida—leaves public institutions in a precarious position when faced with the immediate threat of a total data leak. Ultimately, the absence of a reliable verification process means the county has no way to prove its data is safe, leaving the long-term consequences of this payment unresolved.

#ransomware#data-extortion#cyber-security#public-sector
← Back to all stories
Advertisement