News
MARKET SIGNAL:

Union County Clues Point To $1 Million Kairos Data-Extortion Payment

Newsroom brief

A Ransom-ISAC case study says Kairos took about $1 million after stealing files without encrypting systems. Clues point to Union County, Ohio, but the public record does not confirm the link or prove the data was deleted.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
Union County Clues Point To $1 Million Kairos Data-Extortion Payment

A leaked negotiation record points to a U.S. county government paying about $1 million after attackers stole files rather than encrypting systems, turning the incident into a data-extortion case with no public proof that the files were deleted.

The case study by Rakesh Krishnan for Ransom-ISAC says the group calling itself Kairos demanded payment after taking data and threatening publication.

Krishnan found no sign of a locker, encryptor or decryption-key demand, so the pressure came from the threat of disclosure rather than from disabled machines.

Union County Clues Point To A Public-Sector Victim

Krishnan did not name the victim in the case study.

The disclosed clues pointed to Union County, Ohio, including file names such as Union.xlsx and union.rar, a reference to a small county with limited resources, and a folder marked prosecutors office.

Union County said in May 2025 that it detected ransomware on its network.

Union County's public notice said the county later notified 45,487 residents and staff that data had been taken, affecting most of the county's population.

The notice said the stolen records included Social Security details, financial information, fingerprints and passport numbers.

Neither the county nor Kairos has confirmed that the case study describes the Union County incident.

If the match is correct, the county paid a seven-figure ransom that was not disclosed in the public incident notice.

The Negotiation Moved From $3 Million To 9.44 Bitcoin

The negotiation ran for about a month, according to the case study.

According to the case study, Kairos opened with a $3 million demand and claimed it held more than 2 terabytes of data across about 1.6 million files.

The case study says the victim started with a $100,000 offer and later raised the offer before reaching $430,000.

The case study says Kairos lowered its demand to $2 million before setting a final $1 million deadline and threatened to publish the files if payment was not made by Friday.

The case study says the victim paid on June 13, 2025.

According to Rakesh Krishnan, the transaction was about 9.44 bitcoin, valued near $1 million when it was sent.

He traced the funds as they split and moved towards deposit addresses tied to Bybit, OKX and a Russian service called BELQI.

Data-Theft Extortion Leaves No Deletion Proof

Kairos sent what was described as a proof-of-deletion file after payment.

The case study says the file list showed that the attacker once possessed the files, not that the original copies had been erased.

For public-sector networks, the payment bought a promise from the attacker, not a verifiable recovery event.

In a classic encryption case, the operational test is whether systems can be decrypted and restored.

In a data-theft case, copies may remain with the attacker or with another party.

Sophos reporting cited in the account said in 2025 that only about half of ransomware attacks still involved encryption, the lowest rate in six years.

The same account compared the Kairos pattern with Silent Ransom Group, a Conti offshoot described as using data-theft extortion against U.S. law and finance firms without an encryptor.

The account said Kairos' leak site is now down, and its last known victim appeared in June 2026.

The case study says one wallet linked to the operation continued moving funds in May 2026.

Available public records did not disclose confirmation of the Union County link, a full copied-file inventory, proof that Kairos deleted the data, named criminal charges, or whether the county recovered the payment.

Share this article
inXf

Related articles

More
Merchants See AI Shopping Coming, but Checkout Is Still the Weak Link
Fintech & Digital Payments

Merchants See AI Shopping Coming, but Checkout Is Still the Weak Link

A merchant survey tied to the 2026 Global Digital Shopping Index places the United Arab Emirates in a three-country checkout test. Mobile apps are gaining ground as sales channels, but many merchants still see payment technology, attribution and fraud protection as unfinished work before AI agents start shaping purchases.

Visa And Mastercard Push Tokens Into The Trust Layer For AI Shopping
Fintech & Digital Payments

Visa And Mastercard Push Tokens Into The Trust Layer For AI Shopping

Visa and Mastercard are building agentic-commerce payment frameworks around tokenized credentials, authenticated agents and permissioned transactions. Consumer data shows 45% comfort with AI agents completing purchases, but 95% still have at least one concern, making trust and fraud protection the real adoption test.

Keep Reading

More Stories

Latest
World Cup Trading Gives Prediction Markets A $31 Billion Stress TestFintech & Digital PaymentsJul 4, 2026World Cup Trading Gives Prediction Markets A $31 Billion Stress TestDune Analytics data cited for Kalshi showed more than $31 billion in June notional volume, while Bank of America put Rothera at $2 billion. The surge gives regulators and institutions a live test of event-contract market capacity.Meta Compute Prepares AI Cloud Push Against AWS And GoogleCloud & Data CentersJul 4, 2026Meta Compute Prepares AI Cloud Push Against AWS And GoogleMeta is considering external sales of AI compute and model access through Meta Compute. Zuckerberg said the idea is on the table, but customer names, pricing, GPU inventory and a Muse Spark release date remain undisclosed.Anthropic Plans Drug Discovery Push Without Trial Or Partner DetailsCapital & PolicyJul 4, 2026Anthropic Plans Drug Discovery Push Without Trial Or Partner DetailsAnthropic says Claude Science will support drug discovery and that its life sciences team will focus on neglected diseases. The company did not identify target diseases, lab partners, clinical-trial plans, manufacturing partners, patient timelines or regulatory milestones.Infineon Opens €5 Billion Dresden Fab Three Months Early Without Customer NamesChips & SemiconductorsJul 4, 2026Infineon Opens €5 Billion Dresden Fab Three Months Early Without Customer NamesInfineon Technologies opened its €5 billion Module 4 smart power fab in Dresden three months ahead of schedule. The 300-mm plant adds European capacity for power semiconductors and analogue/mixed-signal devices, but Infineon did not name customers, order volumes or utilisation targets.Gillibrand Seeks Memecoin Ban After Trump Crypto DisclosureCapital & PolicyJul 4, 2026Gillibrand Seeks Memecoin Ban After Trump Crypto DisclosureSenator Kirsten Gillibrand is renewing her push for elected officials and their spouses to be barred from issuing or promoting crypto assets, including memecoins. Decrypt reported that President Donald Trump's annual financial disclosure listed more than $1.2 billion from crypto ventures last year, including more than $635 million from a Solana-based memecoin.UAE PMI Falls To 50.8 As June Hiring Contracts After Hormuz DisruptionEconomyJul 4, 2026UAE PMI Falls To 50.8 As June Hiring Contracts After Hormuz DisruptionS&P Global Market Intelligence said the UAE non-oil PMI fell to 50.8 in June from 52.6 in May, with employment contracting for the first time in more than four years. The survey cited client caution, sparse tourism activity and supply-chain disruption, but did not give company-level job cuts or revenue losses.Texas AI Campus Filing Names 525.5 MW Behind One Wind InterconnectionCloud & Data CentersJul 4, 2026Texas AI Campus Filing Names 525.5 MW Behind One Wind InterconnectionTexas regulators are considering whether Crusoe and Ensign Infrastructure must curtail a second AI data-centre load behind the Goodnight 1 wind farm during grid emergencies. Data Center Knowledge reported that the combined behind-the-meter load would reach 525.5 MW under the Senate Bill 6 review.Bad Epoll Linux Flaw Reaches Android Without A Public Patch TimetableCybersecurityJul 4, 2026Bad Epoll Linux Flaw Reaches Android Without A Public Patch TimetableA newly disclosed Linux kernel flaw tracked as CVE-2026-46242 can let an unprivileged local user gain root access on Linux systems and may be reachable from Android or Chrome sandbox contexts, but public material did not give a distribution-by-distribution patch timetable.UAE Housing Programme Adds e& Smart-Home Offers Without Adoption TimetableEconomyJul 4, 2026UAE Housing Programme Adds e& Smart-Home Offers Without Adoption TimetableThe Sheikh Zayed Housing Programme and e& signed an agreement covering home internet, smart-home automation, connected devices and Hassantuk fire detection for beneficiaries and ministry staff, but the announcement did not disclose prices, rollout dates or adoption targets.ZEN.COM Adds Mastercard Click To Pay Across 33 Markets Without Merchant NamesFintech & Digital PaymentsJul 4, 2026ZEN.COM Adds Mastercard Click To Pay Across 33 Markets Without Merchant NamesZEN.COM says Mastercard Click to Pay is now available to 1.5 million consumers across 33 markets, including the European Economic Area, the United Kingdom and Singapore, but it did not name participating merchants or transaction volumes.Meta Pocket App Tests Prompt-Built Games In Social FeedsAIJul 4, 2026Meta Pocket App Tests Prompt-Built Games In Social FeedsMeta has launched Pocket, an AI platform for making and sharing prompt-built mini games and interactive apps, according to AI Times Korea. The limited app-store rollout uses technology from the acquired Gizmo team, but Meta has not named a global launch timetable or creator monetisation terms.Kospi Drops 7.89 Percent As Samsung And SK hynix Lead Chip Sell-OffChips & SemiconductorsJul 4, 2026Kospi Drops 7.89 Percent As Samsung And SK hynix Lead Chip Sell-OffThe Korea Herald reported that the Kospi fell 7.89 percent on Thursday as Samsung Electronics and SK hynix came under selling pressure from renewed AI-capacity and chip-competition concerns. The article cited a sell-side sidecar, heavy foreign and institutional selling and 48.86 trillion won in trading value, but did not report confirmed order cuts, revised chipmaker forecasts or measured AI capacity utilisation.