State of Nevada (Executive Branch)

In August, a ransomware attack crippled Nevada’s executive branch, disrupting critical state services for weeks. Police were unable to conduct background checks, residents couldn’t renew driver’s licenses or access unemployment support, and small businesses faced delays in permit applications. The attack also triggered a 300% surge in follow-up (though unsuccessful) cyber threats. While the state’s $7M cybersecurity insurance covered direct recovery costs, the broader impact included economic disruptions for gun dealers, residents, and businesses reliant on state systems. Investigations revealed only a minimal subset of internal data was exposed, with no confirmed compromise of residents' personal data. Recovery efforts—led by the state’s IT team in collaboration with CISA and the FBI—were described as exhaustive, with staff working 18–20-hour days to restore services, prioritizing public safety and economic functions. The attack underscored vulnerabilities in Nevada’s segmented IT infrastructure and sparked funding approvals for new cybersecurity initiatives, including a statewide security operations center (SOC) and expanded threat analysis programs.

Source: https://statescoop.com/nevadas-big-cyberattack-spurs-two-new-projects/

TPRM report: https://www.rankiteo.com/company/nv-gto

"id": "nv-2602026102225",
"linkid": "nv-gto",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Residents (e.g., unable to '
                                              'renew licenses, access '
                                              'unemployment), businesses '
                                              '(e.g., permit delays), law '
                                              'enforcement (background check '
                                              'disruptions)',
                        'industry': 'Public Administration',
                        'location': 'Nevada, USA',
                        'name': 'State of Nevada (Executive Branch)',
                        'type': 'Government'}],
 'attack_vector': ['Brute-force compromise (hypothesized)',
                   'Victim-initiated (e.g., phishing/malware download) '
                   '(hypothesized)'],
 'customer_advisories': 'Public acknowledgment of service disruptions (e.g., '
                        'via legislative hearing)',
 'data_breach': {'data_exfiltration': 'Unconfirmed (investigation ongoing)',
                 'personally_identifiable_information': 'No (per CIO '
                                                        'statement)',
                 'sensitivity_of_data': 'Low (no resident PII confirmed)',
                 'type_of_data_compromised': 'Internal data (very small '
                                             'subset)'},
 'date_detected': '2023-08',
 'date_publicly_disclosed': '2024-02-22',
 'description': 'During a legislative session, Nevada’s top technology '
                'official (CIO Timothy Galluzi) provided updates on a '
                'ransomware attack that disabled the state’s executive branch '
                'in August 2023. The attack disrupted critical services (e.g., '
                'background checks, driver’s license renewals, unemployment '
                'support, business permits) for weeks, led to a 300% increase '
                "in follow-up attack attempts, and exposed a 'very small "
                "subset of internal data' (with no confirmed compromise of "
                "residents' personal data). Recovery efforts, supported by "
                "CISA and the FBI, were likened to 'draining an Olympic-size "
                "swimming pool with a garden hose,' prioritizing public safety "
                'and economic functions. The state’s $7M cybersecurity '
                'insurance is expected to cover direct recovery costs. '
                'Post-incident, Nevada approved $300K for new cybersecurity '
                'initiatives, including expanding threat analysis and '
                'advancing a statewide Security Operations Center (SOC). The '
                'attack’s initial vector remains undisclosed pending '
                'investigation, though Galluzi noted ransomware typically '
                'begins via brute-force compromises or victim-initiated '
                'actions (e.g., phishing).',
 'impact': {'brand_reputation_impact': 'Moderate (public legislative scrutiny; '
                                       'emphasis on recovery efforts)',
            'customer_complaints': 'Reported by constituents (e.g., gun '
                                   'dealers, residents unable to access '
                                   'services)',
            'data_compromised': 'Very small subset of internal data (no '
                                'resident PII confirmed compromised)',
            'downtime': 'Weeks (services disrupted for extended periods)',
            'identity_theft_risk': 'Low (no resident PII confirmed '
                                   'compromised)',
            'operational_impact': 'Severe (300% increase in follow-up attack '
                                  'attempts; prioritized recovery for public '
                                  'safety/economic functions)',
            'systems_affected': ['Police background check systems',
                                 'Driver’s license renewal systems',
                                 'Unemployment support systems',
                                 'Secretary of State’s business permit systems',
                                 'State executive branch networks (excluding '
                                 'legislative branch, which was segmented)']},
 'investigation_status': 'Ongoing (vendor-assisted report pending)',
 'lessons_learned': ['Importance of network segmentation (legislative branch '
                     'unaffected due to prior separation)',
                     'Need for statewide SOC (funding challenges noted)',
                     'Critical role of cybersecurity insurance in recovery',
                     'Human factor in incident response (IT staff’s voluntary '
                     'overtime efforts)'],
 'motivation': 'Financial (assumed, given ransomware context)',
 'post_incident_analysis': {'corrective_actions': ['$300K funding for threat '
                                                   'analysis/SOC initiatives',
                                                   'Ongoing collaboration with '
                                                   'CISA/FBI',
                                                   'Prioritized system '
                                                   'recovery (public safety '
                                                   'first)'],
                            'root_causes': 'Under investigation (hypothesized: '
                                           'brute-force or phishing)'},
 'ransomware': {'data_encryption': 'Likely (given ransomware classification)',
                'data_exfiltration': 'Unconfirmed'},
 'recommendations': ['Advance statewide Security Operations Center (SOC) with '
                     'stakeholder buy-in',
                     'Expand technical threat analysis programs (funded via '
                     '$150K federal grant)',
                     'Address IT funding model to reduce friction for critical '
                     'projects',
                     'Enhance employee training on phishing/brute-force risks'],
 'references': [{'date_accessed': '2024-02-23',
                 'source': 'StateScoop',
                 'url': 'https://statescoop.com/nevada-ransomware-attack-legislative-hearing-2024/'},
                {'date_accessed': '2024-02-22',
                 'source': 'Nevada Legislature Interim Finance Committee '
                           'Hearing'}],
 'response': {'communication_strategy': 'Legislative updates; pending '
                                        'comprehensive vendor report '
                                        'post-investigation',
              'containment_measures': ['Attack isolation by Governor’s '
                                       'Technology Office',
                                       'Network segmentation (legislative '
                                       'branch already separated)'],
              'incident_response_plan_activated': 'Yes (led by Governor’s '
                                                  'Technology Office, with '
                                                  'CISA and FBI support)',
              'law_enforcement_notified': 'Yes (FBI involved)',
              'network_segmentation': 'Yes (legislative branch pre-segmented)',
              'recovery_measures': ['18–20+ hour workdays by IT staff for '
                                    'weeks',
                                    'Use of $7M cybersecurity insurance for '
                                    'direct costs',
                                    'Funding approval for $300K in new '
                                    'initiatives (threat analysis expansion, '
                                    'SOC development)'],
              'remediation_measures': ['Triage and rebuild of affected systems',
                                       'Prioritization of public safety and '
                                       'economic functions'],
              'third_party_assistance': 'Yes (vendor assisting with '
                                        'investigation; CISA/FBI support)'},
 'stakeholder_advisories': 'Legislative updates provided; comprehensive report '
                           'forthcoming',
 'title': 'Ransomware Attack on Nevada State Executive Branch',
 'type': 'Ransomware Attack'}