Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

County Government Reportedly Paid $1 Million to Cyber Extortion Group

0
Medium
Vulnerability
Published: 07/07/2026 (07/07/2026, 17:31:54 UTC)
Source: SecurityWeek

Description

A small Ohio county government reportedly paid a $1 million ransom to the Kairos cyber extortion group to prevent the public release of sensitive stolen data. The attackers gained access via a brute-force attack in May 2025, stealing over 2 terabytes of data including personal and financial information of approximately 45,487 individuals. The extortion involved negotiation over three weeks, with the ransom initially demanded at $3 million and settled at $1 million paid in Bitcoin. This incident was an extortion attack without file-encrypting ransomware. The attackers provided selective proof of deletion but no independent verification mechanism. The affected county publicly notified individuals of the breach in September 2025.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/07/2026, 17:43:30 UTC

Technical Analysis

In May 2025, a small Ohio county government suffered a brute-force intrusion by the Kairos cyber extortion group, resulting in the theft of over 2 terabytes of data comprising about 1.6 million files. The stolen data included sensitive personal information such as names, dates of birth, government ID numbers, Social Security numbers, financial account details, fingerprint and medical information, and payment card details. The attackers demanded a $3 million ransom in cryptocurrency to prevent public disclosure, but after a three-week negotiation, the victim paid $1 million in Bitcoin on June 13, 2026. The attack was an extortion incident without ransomware encryption. The attackers provided selective proof of deletion, but no independent verification was possible. The county notified affected individuals in September 2025. The incident highlights risks from brute-force attacks leading to large-scale data theft and extortion demands.

Potential Impact

The breach exposed highly sensitive personal and financial information of approximately 45,487 individuals, including government-issued ID numbers, Social Security numbers, medical and fingerprint data, and payment card details. The public release of such data could lead to identity theft, financial fraud, and privacy violations. The victim organization incurred a significant financial loss by paying a $1 million ransom. The incident also likely caused reputational damage and operational disruption to the county government. No ransomware encryption was involved, but the extortion threat leveraged stolen data exposure.

Mitigation Recommendations

Patch status is not applicable as this is an incident report of a cyber extortion attack rather than a software vulnerability. The victim paid the ransom to prevent data release. Organizations should ensure strong authentication controls to prevent brute-force attacks, implement robust monitoring for unauthorized access, and have incident response plans for extortion scenarios. Since the attackers provided no independent proof of data deletion, affected individuals should be notified and advised to monitor for potential misuse of their information. No official fix or patch is relevant for this incident.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/county-government-reportedly-paid-1-million-to-cyber-extortion-group/","fetched":true,"fetchedAt":"2026-07-07T17:43:20.347Z","wordCount":1045}

Threat ID: 6a4d3ab8c9d9e3dbe3962d07

Added to database: 07/07/2026, 17:43:20 UTC

Last enriched: 07/07/2026, 17:43:30 UTC

Last updated: 07/07/2026, 17:43:30 UTC

Views: 1

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses