An unnamed US county – perhaps in Ohio – paid $1M extortion demand to cybercriminals

https://image.theregister.com/225421.jpg?imageId=225421&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted - just the criminals' promise.

This means the county’s stolen files may turn up for sale on a dark web forum, and the same (or another) crime crew could again demand an extortion payment to not leak the data.

It’s also a reminder that, despite the feds urging victims not to pay cybercriminals, sometimes coughing up the ransom demand seems to be the lesser of evils.

The alleged incident played out in May and June 2025, according to a case study by threat-intel researcher Rakesh Krishnan on Ransom-ISAC, a global knowledge-sharing platform for defenders and incident responders.

Krishnan based his report on a leaked transcript of the negotiations between the county and...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more