The Kairos ransomware group is a new and relatively obscure threat actor that emerged in 2024, adding to the growing list of short-lived ransomware brands. Public reporting on Kairos remains limited.

Kairos follows the now-standard double extortion model, encrypting victim systems while exfiltrating sensitive data and threatening to leak the information if ransom demands are not met. Targets appear to be primarily small to mid-sized organizations, often those with exposed remote access services or weaker security controls. Initial access is believed to involve phishing, stolen credentials, or exploitation of unpatched services.

Technically, Kairos relies on commodity ransomware techniques, including strong encryption, disabling backups, and using legitimate system tools for lateral movement and evasion.