Ransomware gang says it stole confidential files from Taos County, NM; demands ransom in 7 days

Ransomware group Kairos today said it stole 1.94 TB of data from the Taos County, New Mexico local government.

Kairos listed Taos County on its data leak site. To prove its claim, it posted a sample of documents that Kairos says it stole from the Taos County government. Some of the documents appear to be related to a child sexual abuse case.

Kairos gave Taos County officials seven days to pay an undisclosed amount in ransom. If the county fails to pay within the next week, Kairos threatens to sell or publicly release the allegedly stolen data.

The Taos County government has not acknowledged a cyber attack as of time of writing, and has not verified Kairos’ claim. We can not verify whether the documents posted by Kairos are authentic. Comparitech contacted Taos County officials for comment and will update this article if they reply.

Taos News reported Taos County officials declined to comment on a suspected ransomware attack that began on June 5, 2025.

Who is Kairos?

Kairos is a ransomware group that first began listing the targets of its ransomware attacks on its data leak site in November 2024. However, unlike many other ransomware groups, Kairos does not encrypt the systems it infects. Instead, it focuses on stealing data and then extorting organizations by threatening to sell or release it.

Kairos has taken credit for four confirmed ransomware attacks since it began, plus 35 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations. Kairos made 22 of those unconfirmed claims this year.

Kairos’ other three confirmed attacks include:

• Accounting & Advisory Services reported a data breach claimed by Kairos in September 2024
• Vitenas Cosmetic Surgery notified 31,852 people of a data breach in February 2025. Kairos posted an indecent image of a cosmetic surgery patient as proof of its claim
• Baltimore City State’s Attorney’s Office reported a March 2025 attack claimed by Kairos

Ransomware attacks on US government

Comparitech researchers have logged 32 confirmed ransomware attacks on US government entities in 2025 to date, plus 33 unconfirmed claims.

Ransomware attacks on local governments like Taos County aren’t uncommon. Other such recently confirmed attacks include:

• Durant, OK suffered a data breach earlier this month claimed by Inc ransomware, which gave the city two days to pay
• Mower County, MN reported a ransomware attack by an unknown group earlier this month
• Strafford County, NH reported a March 2025 data breach and a 10-day system outage following an attack claimed by DragonForce
• The Payne County, OK Sheriff’s Office confirmed a May 2025 ransomware attack claimed by SafePay
• Liberty Township, OH reported a May 2025 data breach claimed by SafePay

Ransomware attacks on US government agencies and departments can both steal data and lock down computer systems. In Kairos’ case, it’s just the former. The attacker then demands a ransom to delete the stolen data and in exchange for a key to recover infected systems. If the target doesn’t pay, it could take weeks or even months to restore systems, data could be lost forever, and people whose data was stolen are put at greater risk of fraud and other crimes.

About Taos County, New Mexico

Taos County is home to about 35,000 people on the northern border of New Mexico.