A U.S. government entity paid roughly $1 million to prevent the public release of stolen files, reveals a case study published by Ransom-ISAC researcher Rakesh Krishnan. The analysis draws on a leaked negotiation chat and a blockchain trail left by the payment.
The group receiving the funds, which calls itself Kairos, may not be a conventional ransomware operation. Krishnan found no evidence the group ever encrypted any systems. The extortion appears to have relied solely on the threat of data exposure, a tactic known as “pure data-theft extortion.”
Payment details were reconstructed through blockchain forensics, according to the study. Ransom-ISAC noted the case highlights how some attackers skip encryption entirely, applying pressure purely through stolen data. The affected U.S. government entity was not named in the report, and it remains unclear which agency or department was targeted.
The report does not specify the exact type of data stolen, nor whether any files were ultimately leaked. Krishnan told The Hacker News that the negotiation logs suggest both sides reached a settlement without any known release of the pilfered information.
The report does not describe how the attackers gained access or moved the data out, so there is no specific vulnerability or patch to point to; what it documents is theft and exposure of data, not encryption. Organizations are advised to focus on access controls, credential hygiene, and rapid detection of anomalous data exfiltration, since a data-theft-only operation produces no encryption event to alert on and the outbound transfer itself may be the only signal a defender gets.
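As an added illustration of the "rapid detection of anomalous data exfiltration" point (this is example code written for this article, not anything from the Ransom-ISAC report or from Krishnan), the script below baselines each host's daily outbound volume from per-day flow summaries and flags a day on which a host sends far more than its own median, noting any external destination it had never contacted before. The CSV format and the flow records are constructed for the example; the IP addresses are from the RFC 5737 documentation ranges.

```python
"""Flag hosts whose daily outbound volume jumps far above their own baseline.

Example code added to illustrate exfiltration detection; the flow records
below are constructed and are not from the report discussed above.
"""
from collections import defaultdict
from statistics import median

# Constructed per-day egress summaries: date, source host, external destination, bytes out.
# ws-01 sends ~50 MB/day for five days, then 4.2 GB to a never-before-seen address.
# fs-02 is a file server with a legitimately large but steady ~900 MB/day.
SAMPLE_FLOWS = """\
2024-03-01,ws-01,203.0.113.10,48000000
2024-03-02,ws-01,203.0.113.10,51000000
2024-03-03,ws-01,203.0.113.10,47000000
2024-03-04,ws-01,203.0.113.10,53000000
2024-03-05,ws-01,203.0.113.10,50000000
2024-03-06,ws-01,198.51.100.7,4200000000
2024-03-01,fs-02,203.0.113.10,900000000
2024-03-02,fs-02,203.0.113.10,880000000
2024-03-03,fs-02,203.0.113.10,910000000
2024-03-04,fs-02,203.0.113.10,895000000
2024-03-05,fs-02,203.0.113.10,905000000
2024-03-06,fs-02,203.0.113.10,890000000
"""


def parse_flows(text):
    """Parse the constructed CSV into a list of {date, host, dst, bytes} records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, host, dst, nbytes = line.split(",")
        flows.append({"date": date, "host": host, "dst": dst, "bytes": int(nbytes)})
    return flows


def find_exfil_candidates(flows, factor=5.0, min_bytes=500_000_000, min_history=3):
    """Return one alert per (host, day) where outbound bytes exceed both
    `factor` times the host's own median over the preceding days and an
    absolute floor of `min_bytes`.

    Comparing each host against its own history keeps a busy file server
    from alerting on every normal day; the absolute floor keeps a quiet
    workstation from alerting on a harmless 5x bump of a few megabytes.
    Each alert also lists destinations the host had never contacted before,
    a second signal that a bulk transfer is not routine business traffic.
    """
    # host -> date -> dst -> bytes
    by_host = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for f in flows:
        by_host[f["host"]][f["date"]][f["dst"]] += f["bytes"]

    alerts = []
    for host, by_date in by_host.items():
        dates = sorted(by_date)
        seen_dsts = set()  # destinations contacted on earlier days
        for i, date in enumerate(dates):
            dsts = by_date[date]
            today = sum(dsts.values())
            prior = [sum(by_date[d].values()) for d in dates[:i]]
            if len(prior) >= min_history:  # do not judge a host with no history
                baseline = median(prior)
                if today >= min_bytes and today > factor * baseline:
                    alerts.append({
                        "host": host,
                        "date": date,
                        "bytes": today,
                        "baseline": baseline,
                        "new_destinations": sorted(set(dsts) - seen_dsts),
                    })
            seen_dsts.update(dsts)
    return alerts


if __name__ == "__main__":
    for a in find_exfil_candidates(parse_flows(SAMPLE_FLOWS)):
        print(f"{a['host']} {a['date']}: {a['bytes']/1e9:.2f} GB out "
              f"(baseline {a['baseline']/1e6:.0f} MB); new destinations: {a['new_destinations']}")
```

The same logic applies to whatever egress summaries an environment already has (firewall or proxy byte counts, cloud storage egress metrics); the point is the per-host baseline plus the absolute floor, which together produce a single alert for ws-01 on the day of the 4.2 GB transfer and nothing for the file server.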