← Back to Posts

Posts

OS Weekly: Extortion Without Ransomware, a 2M-Device Botnet Takedown & AI's Double Edge

OS Weekly: Extortion Without Ransomware, a 2M-Device Botnet Takedown & AI's Double Edge

This week showed how quickly cyber-extortion economics are shifting: a $1 million payout to a group with no evidence of ever encrypting a file, and a law-enforcement takedown of a proxy empire built on two million unknowing devices. Add a sharp read on AI’s asymmetric future and an unexpected lesson from the board-game table, and there’s plenty here for working defenders and aspiring practitioners alike.

OS Weekly: Extortion Without Ransomware, a 2M-Device Botnet Takedown & AI’s Double Edge

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A case study by Rakesh Krishnan for Ransom-ISAC revealed that a U.S. government entity paid approximately $1 million to prevent stolen files from being leaked. The remarkable detail, drawn from leaked negotiation chats and the blockchain payment trail: there is no evidence the recipient group, Kairos, ever deployed ransomware or locked any files. The threat of exposure alone was the leverage.

For security teams, this raises the bar on incident-response decision-making — verify threat authenticity before paying, use blockchain analysis to gauge attacker credibility, and strengthen negotiation strategies so fear alone doesn’t drive a seven-figure settlement. For aspiring practitioners, it’s a reminder that understanding attacker psychology and economics is as important as technical skill. Extortion no longer requires encryption.

Read more: U.S. Government Entity Paid Kairos Group $1M in Data-Theft Extortion Case

FBI Seizes NetNut Proxy Platform Tied to the 2M-Device Popa Botnet

The FBI, working with industry partners, seized hundreds of domains linked to NetNut, a residential proxy service operated by Alarum Technologies — a publicly traded, NASDAQ-listed company. The action followed reporting from KrebsOnSecurity and multiple security firms connecting NetNut to the Popa botnet, which compromised over two million devices largely without their owners’ knowledge.

This takedown highlights the power of collaboration between law enforcement and private industry, and puts gray-market residential proxy services squarely under scrutiny. Defenders should treat unusual volumes of residential proxy traffic as a signal worth investigating. The case also underscores a broader point: the line between legitimate infrastructure business and exploitation of consumer devices is not always as clear as it should be — and regulators are paying closer attention.

Read more: FBI Seizes NetNut Proxy Platform, Popa Botnet

The Asymmetric Future of AI in Cybersecurity

A well-argued piece this week examines how AI is transforming threat detection, response, and vulnerability management — improving speed and accuracy well beyond what traditional tooling can deliver. The catch: the same capabilities are equally available to attackers, who are using AI to build more sophisticated, scalable campaigns. Whichever side operationalizes AI better gains a compounding edge.

That asymmetry is the real story. AI fluency is fast becoming a core competency for security professionals — not as a replacement for judgment, but as a force multiplier. The advice here is practical: learn the tooling, but stay clear-eyed about its failure modes — false positives, over-reliance, and the attack surface that AI systems introduce themselves. Continuous adaptation is the only stable strategy in a landscape this dynamic.

Read more: The Asymmetric Future of AI in Cybersecurity

Catan and Mouse: What Board Games Teach Cyber Defenders

Cisco Talos draws an engaging parallel between board games and cybersecurity: both reward pattern recognition, strategic thinking, and adaptation under uncertainty. The article’s central claim is that curiosity is the single most valuable skill a defender can cultivate — it drives the continuous learning needed to anticipate and counter threats that keep changing shape.

If you’re working toward a career in security, this is genuinely good news. The defender’s mindset — curious, pattern-seeking, adaptable — can be practiced anywhere, including game night. Technical skills follow the mindset, not the other way around. Worth a read if you’re early in your security journey or managing a team you’re trying to develop.

Read more: Catan and Mouse: What Board Games Teach Cyber Defenders


That’s the week. The common thread: leverage is evolving faster than tooling, and curiosity remains the defender’s best asset. From a $1M extortion payment without a single encrypted file to a botnet dismantled through public-private collaboration, the cases this week are a useful reminder that the threat model keeps moving — and so must your program.

💡 Want to lead with clarity in the AI era? If you’re aiming to lead a security team, break into cybersecurity, or operate with greater speed and confidence, this is the toolkit you’ve been missing: 🔗 Cybersecurity Leadership OS: Battle-Tested Mental Models for Clarity, Speed & Command

Follow CyberShield for more weekly breakdowns built for the next generation of security professionals.

comments powered by Disqus