kairos
Ransomware group profile
Description
Kairos is a financially motivated cyber extortion group that emerged in November 2024, primarily focusing on data theft and extortion rather than traditional ransomware tactics. Their strategy leverages the threat of data exposure to pressure victims into compliance while employing psychological manipulation tactics to maximize ransom payments.
Key insights
- •Kairos employs initial access brokers and exploits vulnerable remote services to gain access to victim networks.
- •The group exfiltrates sensitive data and threatens public disclosure to extract ransom payments from victims.
- •RClone, a legitimate file transfer utility, is a key tool utilized for data staging and exfiltration.
- •Kairos meticulously clears Windows Event Logs to evade detection during their operations.
- •They tailor ransom demands based on the financial capacity of the target and offer discounts for immediate payment.
Threat Level & Status Breakdown
For kairos · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for kairos in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for kairos
- d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for kairos
T1486
T1486
T1490
T1490
T1070.001
T1070.001
T1562.001
T1562.001
T1078
T1078
T1047
T1047
T1021.001
T1021.001
T1059
T1059
T1583
T1583
T1550
T1550
T1040
T1040
T1027
T1027
Victims(69)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Commune De Camiers | — | FR France | Government & Defense | Unknown | 5 days ago | |
| McCarthy Inc | — | US United States | Other | Unknown | 19 days ago | |
| Arwini | — | DE Germany | Healthcare | Unknown | 23 days ago | |
| Ayuntamiento de Valdemoro | — | ES Spain | Government & Defense | Unknown | 23 days ago | |
| Houk Air Conditioning | houkac.com | US United States | Professional Services | Unknown | 28 days ago | |
| Gregory Jewellers | — | AU Australia | Retail & E-Commerce | Claimed | about 1 month ago | |
| Nordenta (a daughter company of LIFCO) | — | DK Denmark | Healthcare | Claimed | about 1 month ago | |
| Strata Republic | — | AU Australia | Professional Services | Claimed | about 2 months ago | |
| FriendlyCare Pharmacy | — | AU Australia | Healthcare | Claimed | about 2 months ago | |
| Pullen Moving | — | US United States | Transportation | Claimed | about 2 months ago | |
| Colonial Presbyterian Church | — | US United States | Retail & E-Commerce | Claimed | about 2 months ago | |
| South Florida Injury Centers | — | US United States | Healthcare | Claimed | about 2 months ago | |
| Resch Maschinenbau | resch-maschinenbau.de | DE Germany | Manufacturing | Unknown | 2 months ago | |
| Folet & Rivoire | frc-avocats.fr | FR France | Professional Services | Unknown | 3 months ago | |
| Institute of Social Security - Paraguay | ips.gov.py | PY Paraguay | Government & Defense | Unknown | 3 months ago | |
| Katz Kantor Stonestreet & Buckner | katzkantor.com | US United States | Professional Services | Unknown | 3 months ago | |
| Rockwood Retirement Communities | rockwoodretirement.org | US United States | Retail & E-Commerce | Unknown | 3 months ago | |
| The Marena Group | marena.com | US United States | Healthcare | Unknown | 4 months ago | |
| Seagrass Boutique Hospitality Group | seagrassbhg.com | AU Australia | Hospitality | Unknown | 4 months ago | |
| Robbins Parking Service Ltd | robbinsparking.com | CA Canada | Transportation | Unknown | 4 months ago |
Page 1 of 4
Affected countries(20)
Countries where this group has been reported to target or leak victims.