A US county has reportedly paid a ransom of $1 million to the cybercriminal group Kairos, which claimed to have stolen over 2 TB of data from the county’s systems. However, the county did not receive independently verifiable proof that the stolen files had been deleted, relying solely on the criminals’ assurances. This situation raises the possibility that the stolen data could be sold on dark web forums, and the same or other groups might attempt further extortion in the future.
Details of the Incident
The alleged extortion took place between May and June 2025, as outlined in a case study by threat intelligence researcher Rakesh Krishnan on Ransom-ISAC, a platform for sharing information among cybersecurity professionals. The report is based on leaked transcripts of negotiations between the county and Kairos, along with evidence of payment tracing on the blockchain.
While the specific identity of the county remains undisclosed, communications suggest it is a small county with limited resources. Initial demands from Kairos were for $3 million, which the county could not meet. The negotiations revealed the county’s financial constraints, ultimately leading to the settlement of $1 million.
Negotiation Dynamics
The negotiations included several counteroffers from the county, starting with an initial offer of $100,000. As the discussions progressed, the county increased its offer to $430,000 before settling on the final amount of $1 million. Kairos provided a Bitcoin wallet for the payment and claimed to have deleted the stolen files, but the transcript does not indicate a method for independent verification of this deletion.
Potential Implications
The FBI and the US Cybersecurity and Infrastructure Agency (CISA) advise against paying ransoms, as it does not guarantee data recovery and may encourage further criminal activity. Although there is no federal ban on ransom payments, some states, including North Carolina and Florida, have enacted laws prohibiting public agencies from complying with extortion demands.
This incident serves as a reminder of the complexities surrounding ransom payments and the ongoing debate over their effectiveness in combating cybercrime. Experts suggest that while eliminating financial incentives for criminals is crucial, outright bans on payments may not address the root causes of cyber insecurity.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








