🟠 High | Source: The Hacker News
A US government entity paid approximately $1 million to a threat actor group called Kairos to prevent stolen files from being publicly leaked. Unusually, Kairos appears to operate purely as a data extortion group, with no evidence of ransomware or file encryption — a pure exfiltration-and-extort model. The case is notable because it demonstrates that organisations are willing to pay significant sums even without the added pressure of encrypted systems.
Security Architect’s Take: Review your data exfiltration detection controls — DLP, CASB, and egress monitoring — because pure extortion attacks require no malware deployment and may bypass detection built around ransomware behaviour such as mass file encryption. Ensure incident response playbooks explicitly address the ‘pay or leak’ scenario, including legal and regulatory obligations under UK GDPR and sector-specific guidance, before any payment decision is made.
Original advisory: U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case