The State of Nevada experienced a ransomware attack in August, which knocked several state websites offline and disrupted digital services. The attack, detected on August 24, triggered a 300% surge in cyberattack attempts (150 million hits in 72 hours), primarily through phishing attempts targeting employee credentials after a statewide password reset. While 90% of public-facing services (including DMV operations) were restored, critical systems like the sex offender registry and FBI background check system for gun dealers remained offline. State officials confirmed data theft, though no personally identifiable information (PII) of residents was compromised. Affected data included state processes, inventory, and databases, with no financial or resident PII exposure reported. The attack prompted enhanced security measures, such as stricter password policies and expanded multi-factor authentication (MFA). The recovery prioritized public safety systems, but the full extent of the breach and attacker identity remain undisclosed due to an ongoing federal investigation.
TPRM report: https://www.rankiteo.com/company/nv-gto
"id": "nv-1862018091325",
"linkid": "nv-gto",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'residents relying on state '
'digital services (e.g., DMV, '
'background checks)',
'industry': 'public administration',
'location': 'Nevada, USA',
'name': 'State of Nevada',
'type': 'government'}],
'attack_vector': ['phishing (post-incident)', 'ransomware (initial attack)'],
'customer_advisories': 'Public updates on service restoration (e.g., DMV 100% '
'online; remaining systems prioritized).',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'moderate (no PII or financial data '
'confirmed)',
'type_of_data_compromised': ['state process data',
'state inventory',
'state databases']},
'date_detected': '2023-08-24',
'date_publicly_disclosed': '2023-08-24',
'description': 'Nevada faced a 300% increase in cyberattack attempts (150 '
'million hits in 72 hours) following a ransomware attack on '
'August 24, 2023, which knocked several state websites '
'offline. The attack led to a statewide password reset for all '
'employees, triggering phishing attempts to gather state '
'system credentials. While 90% of public-facing websites and '
'services have been restored, some critical systems (e.g., sex '
'offender registry, gun dealer background check system) remain '
'offline. Data exfiltration occurred, but no personally '
'identifiable information (PII) of residents was confirmed '
'compromised. Financial and state process data were reportedly '
'unaffected.',
'impact': {'brand_reputation_impact': 'heightened public awareness due to '
'transparency efforts',
'data_compromised': ['state process data',
'state inventory data',
'state database data'],
'downtime': ['since 2023-08-24 (partial recovery by briefing date)',
'DMV restored within ~1 week'],
'identity_theft_risk': 'none confirmed (no resident PII '
'compromised)',
'operational_impact': ['statewide password reset',
'heightened phishing attempts (150M '
'firewall hits in 72 hours)',
'prioritized restoration of public '
'safety-critical systems'],
'payment_information_risk': 'none (financial data reportedly '
'unaffected)',
'systems_affected': ['public-facing websites (10% remaining '
'offline)',
'sex offender registry',
'gun dealer background check system (FBI '
'NICS)',
'DMV systems (fully restored)']},
'initial_access_broker': {'high_value_targets': ['state process data',
'state databases']},
'investigation_status': 'ongoing (federal investigation; technical details '
'withheld)',
'lessons_learned': ['Public announcements (e.g., password resets) can trigger '
'secondary attacks (e.g., phishing).',
'Heightened employee awareness is critical for thwarting '
'real-time phishing attempts.',
'Balancing transparency with operational security is '
'challenging during active investigations.',
'Prioritizing restoration of public safety-critical '
'systems (e.g., DMV, background checks) mitigates broader '
'societal impact.'],
'post_incident_analysis': {'corrective_actions': ['Stronger governance '
'policies and controls '
'across state government.',
'Identity-hardened '
'processes (MFA expansion, '
'password standards).',
'Enhanced monitoring for '
'credential-based '
'attacks.']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Expand multi-factor authentication (MFA) adoption across '
'all state systems.',
'Implement stronger password policies and '
'identity-hardened processes.',
'Enhance firewall and monitoring capabilities to '
'detect/deter phishing surges.',
'Develop pre-approved communication templates for '
'incident updates to streamline transparency.'],
'references': [{'source': 'Governor Joe Lombardo’s Press Briefing (Las '
'Vegas)'},
{'source': 'Nevada CIO Timothy Galluzi’s Update (Aug. 27, '
'2023)'}],
'response': {'communication_strategy': ['press briefings (e.g., Aug. 24, Aug. '
'27, and Friday update)',
'transparency balanced with '
'operational security'],
'containment_measures': ['statewide password reset',
'multi-factor authentication expansion',
'firewall monitoring for phishing '
'attempts'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['gradual system restoration',
'identity-hardened processes (stronger '
'password standards)'],
'remediation_measures': ['restoration of 90% public-facing '
'systems',
'prioritization of public '
'safety-critical services (e.g., DMV, '
'background checks)']},
'stakeholder_advisories': 'Regular press briefings with balanced '
'transparency/operational security.',
'title': 'Nevada State Ransomware Attack and Subsequent Cyberattack Surge',
'type': ['ransomware', 'phishing', 'data exfiltration']}