Cybersecurity · July 4, 2026 · via The Hacker News

U.S. government paid $1M in extortion case to suspected non-ransomware group


A U.S. government entity quietly transferred about $1 million to prevent stolen files from being published online, only to discover that the group receiving the money might not operate like a typical ransomware gang. According to a detailed case study by Rakesh Krishnan for Ransom-ISAC, the incident unfolded after sensitive files were exfiltrated and the attackers threatened to release them publicly. The negotiation trail, including a leaked chat and the immutable record of a blockchain transaction, revealed the payment, but showed no sign of the encryption that usually defines ransomware attacks.

Who is Kairos—and why it raises questions

The group involved, calling itself Kairos, demanded payment without triggering the file-locking mechanism commonly associated with ransomware operations. Krishnan’s analysis found no evidence that Kairos encrypted any systems or data during the incident. This unusual behavior has led researchers to question whether Kairos is a new type of extortion-focused actor, one that relies solely on the threat of data leaks rather than encryption to extract payments. If confirmed, such a model would represent a shift in cyber extortion tactics, where disruption takes a backseat to public exposure.

The payment trail and its implications

The blockchain record of the $1 million transfer provides clear evidence of the transaction, while the leaked negotiation log offers a rare glimpse into how such demands are framed and negotiated. For the affected government entity, the outcome suggests that even when encryption isn’t used, the pressure of potential data exposure can still force compliance. Security experts warn that this trend may embolden similar groups to adopt leak-only extortion models, potentially lowering the barrier to entry for cybercriminals and increasing the volume of such incidents.


Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.
