The Hacker News

US Government Paid $1 Million to Data-Theft Group Kairos

A United States government entity paid approximately $1 million to a group identified as Kairos to prevent the leak of stolen files. This information comes from a case study by Rakesh Krishnan for Ransom-ISAC, which utilized a leaked negotiation chat and blockchain transaction data to verify the payment. The study, published on March 18, 2024, highlights an unusual aspect of the transaction: the group receiving the payment, Kairos, did not appear to operate as a traditional ransomware gang.

Krishnan's investigation found no evidence that Kairos had encrypted or locked any systems belonging to the victim. Instead, the group's actions suggest a focus on data exfiltration and subsequent extortion through the threat of leaking sensitive information. The blockchain trail confirmed a transaction of roughly $1 million in cryptocurrency, traceable to wallets associated with Kairos. This case study provides a detailed look into the evolving tactics of cybercriminal organizations, moving beyond simple ransomware to data-only extortion.

The case study details the negotiation process, which involved direct communication between the government entity and Kairos. The threat of releasing the exfiltrated data served as the primary leverage for the extortion. The decision to pay the ransom was made by the government entity to mitigate potential damage from the data leak, which could have included exposure of sensitive information. The findings by Krishnan and Ransom-ISAC aim to shed light on these less-understood extortion schemes and inform defensive strategies for organizations facing similar threats.

Ransom-ISAC, an organization focused on information sharing and analysis regarding ransomware and extortion incidents, published the study to contribute to the broader understanding of cyber threats. The analysis of the blockchain data provided a verifiable record of the financial transaction, while the leaked chat logs offered insight into the negotiation dynamics. This dual approach allowed for a comprehensive examination of the incident, from the initial data theft to the resolution of the extortion attempt.
