County Government Reportedly Paid $1 Million to Cyber Extortion Group
A small Ohio county government reportedly paid a $1 million ransom to the Kairos cyber extortion group to prevent the public release of sensitive stolen data. The attackers gained access via a brute-force attack in May 2025, stealing over 2 terabytes of data including personal and financial information of approximately 45,487 individuals. The extortion involved negotiation over three weeks, with the ransom initially demanded at $3 million and settled at $1 million paid in Bitcoin. This incident was an extortion attack without file-encrypting ransomware. The attackers provided selective proof of deletion but no independent verification mechanism. The affected county publicly notified individuals of the breach in September 2025.
AI Analysis
Technical Summary
In May 2025, a small Ohio county government suffered a brute-force intrusion by the Kairos cyber extortion group, resulting in the theft of over 2 terabytes of data comprising about 1.6 million files. The stolen data included sensitive personal information such as names, dates of birth, government ID numbers, Social Security numbers, financial account details, fingerprint and medical information, and payment card details. The attackers demanded a $3 million ransom in cryptocurrency to prevent public disclosure, but after a three-week negotiation, the victim paid $1 million in Bitcoin on June 13, 2026. The attack was an extortion incident without ransomware encryption. The attackers provided selective proof of deletion, but no independent verification was possible. The county notified affected individuals in September 2025. The incident highlights risks from brute-force attacks leading to large-scale data theft and extortion demands.
Potential Impact
The breach exposed highly sensitive personal and financial information of approximately 45,487 individuals, including government-issued ID numbers, Social Security numbers, medical and fingerprint data, and payment card details. The public release of such data could lead to identity theft, financial fraud, and privacy violations. The victim organization incurred a significant financial loss by paying a $1 million ransom. The incident also likely caused reputational damage and operational disruption to the county government. No ransomware encryption was involved, but the extortion threat leveraged stolen data exposure.
Mitigation Recommendations
Patch status is not applicable as this is an incident report of a cyber extortion attack rather than a software vulnerability. The victim paid the ransom to prevent data release. Organizations should ensure strong authentication controls to prevent brute-force attacks, implement robust monitoring for unauthorized access, and have incident response plans for extortion scenarios. Since the attackers provided no independent proof of data deletion, affected individuals should be notified and advised to monitor for potential misuse of their information. No official fix or patch is relevant for this incident.
County Government Reportedly Paid $1 Million to Cyber Extortion Group
Description
A small Ohio county government reportedly paid a $1 million ransom to the Kairos cyber extortion group to prevent the public release of sensitive stolen data. The attackers gained access via a brute-force attack in May 2025, stealing over 2 terabytes of data including personal and financial information of approximately 45,487 individuals. The extortion involved negotiation over three weeks, with the ransom initially demanded at $3 million and settled at $1 million paid in Bitcoin. This incident was an extortion attack without file-encrypting ransomware. The attackers provided selective proof of deletion but no independent verification mechanism. The affected county publicly notified individuals of the breach in September 2025.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
In May 2025, a small Ohio county government suffered a brute-force intrusion by the Kairos cyber extortion group, resulting in the theft of over 2 terabytes of data comprising about 1.6 million files. The stolen data included sensitive personal information such as names, dates of birth, government ID numbers, Social Security numbers, financial account details, fingerprint and medical information, and payment card details. The attackers demanded a $3 million ransom in cryptocurrency to prevent public disclosure, but after a three-week negotiation, the victim paid $1 million in Bitcoin on June 13, 2026. The attack was an extortion incident without ransomware encryption. The attackers provided selective proof of deletion, but no independent verification was possible. The county notified affected individuals in September 2025. The incident highlights risks from brute-force attacks leading to large-scale data theft and extortion demands.
Potential Impact
The breach exposed highly sensitive personal and financial information of approximately 45,487 individuals, including government-issued ID numbers, Social Security numbers, medical and fingerprint data, and payment card details. The public release of such data could lead to identity theft, financial fraud, and privacy violations. The victim organization incurred a significant financial loss by paying a $1 million ransom. The incident also likely caused reputational damage and operational disruption to the county government. No ransomware encryption was involved, but the extortion threat leveraged stolen data exposure.
Mitigation Recommendations
Patch status is not applicable as this is an incident report of a cyber extortion attack rather than a software vulnerability. The victim paid the ransom to prevent data release. Organizations should ensure strong authentication controls to prevent brute-force attacks, implement robust monitoring for unauthorized access, and have incident response plans for extortion scenarios. Since the attackers provided no independent proof of data deletion, affected individuals should be notified and advised to monitor for potential misuse of their information. No official fix or patch is relevant for this incident.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/county-government-reportedly-paid-1-million-to-cyber-extortion-group/","fetched":true,"fetchedAt":"2026-07-07T17:43:20.347Z","wordCount":1045}
Threat ID: 6a4d3ab8c9d9e3dbe3962d07
Added to database: 07/07/2026, 17:43:20 UTC
Last enriched: 07/07/2026, 17:43:30 UTC
Last updated: 07/07/2026, 17:43:30 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.