U.S. Government Reportedly Paid $1M After Massive Data Theft
Share
U.S. Government Quietly Paid Hackers $1 Million After Massive Data Theft, Report Reveals
- U.S. Government Paid Hackers $1 Million Without a Single File Being Encrypted
- Hackers Scored $1M From U.S. Government Using a New Extortion Tactic
- New Report Reveals Secret $1 Million Payment to Cyber Extortion Group
- No Ransomware, No Encryption Yet Hackers Still Won $1 Million
- Cybercriminals Are Changing the Rules and Governments Are Paying the Price
A U.S. government entity reportedly paid $1 million in Bitcoin to a cyber extortion group after sensitive data was stolen, highlighting a growing trend in which hackers no longer need to encrypt systems to secure massive ransom payments.
The payment, detailed in a new case study by Ransom-ISAC, was allegedly made to the cybercriminal group Kairos following weeks of negotiations. Investigators say the attackers relied entirely on stolen data as leverage, threatening to publish confidential files unless the victim paid.
No Ransomware, Just Stolen Data
Unlike traditional ransomware attacks that lock computers and demand payment for decryption keys, the Kairos operation reportedly involved no file encryption at all.
Instead, the attackers claimed to have stolen more than 2 terabytes of data including approximately 1.6 million files before demanding an initial ransom of $3 million. After nearly a month of negotiations, the payment was reduced to roughly $1 million, which was transferred in Bitcoin in June 2025. Researchers traced the cryptocurrency through multiple wallets linked to major exchanges.
Clues Point to an Ohio Government Network
Although the case study does not officially identify the victim, investigators say leaked negotiation records strongly suggest the compromised organization was Union County, Ohio.
The county disclosed a cyber incident in 2025 affecting tens of thousands of residents, with stolen information reportedly including Social Security numbers, financial records, passport information, and fingerprints. Neither Union County nor Kairos has publicly confirmed the connection.
Paying Doesn’t Guarantee Data Is Safe
After receiving the payment, Kairos reportedly provided what it described as “proof of deletion.” However, cybersecurity researchers caution that there is no reliable way to verify whether stolen files have actually been erased.
Experts warn that paying cybercriminals remains a high-risk decision because attackers may retain copies of the data, sell it to other threat actors, or return with additional extortion demands.
A New Era of Cyber Extortion
The incident underscores a major shift in cybercrime. Increasingly, threat groups are abandoning traditional ransomware in favor of pure data extortion, where the threat of exposing stolen information becomes the primary weapon.
Security researchers note that many modern cyberattacks now focus on stealing sensitive data rather than disrupting operations, allowing criminals to pressure victims without deploying encryption malware. This approach is becoming increasingly common against government agencies, healthcare providers, and businesses that manage large volumes of confidential information.
As cyber extortion tactics continue to evolve, the case serves as a stark reminder that organizations must invest not only in ransomware defenses but also in preventing data theft, strengthening identity security, and preparing for increasingly sophisticated extortion campaigns.




Leave a Reply