In August 2023, the State Government of Nevada suffered a large-scale ransomware attack that crippled operations across 60 state agencies, including critical sectors like health, public safety, and governmental services. The attack encrypted key systems, leading to denial or delays in citizen services, suspension of medical and criminal record platforms, and disrupted inter-agency communications. While no ransom was paid, the recovery spanned nearly a year, requiring system isolation, forensic analysis, secure backup restoration, and network segmentation. The incident forced a statewide overhaul of cybersecurity, including Zero Trust adoption, MFA enforcement, SIEM deployment, and cloud-based disaster recovery. Services like emergency response, healthcare data access, and administrative functions were severely impacted, with some sectors requiring redundant cloud mirroring to prevent future outages. The attack highlighted vulnerabilities in public sector infrastructure, prompting long-term reforms to enhance resilience against ransomware threats.
TPRM report: https://www.rankiteo.com/company/nv-gto
{
  "id": "nv-4932649110725",
  "linkid": "nv-gto",
  "type": "Ransomware",
  "date": "8/2023",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'customers_affected': 'citizens of Nevada (exact '
                                              'number unspecified)',
                        'industry': 'public administration',
                        'location': 'Nevada, USA',
                        'name': 'State of Nevada Government',
                        'size': '60 state agencies affected',
                        'type': 'government'}],
 'customer_advisories': ['Phased notifications about restored services (e.g., '
                         'health data platforms, emergency communications)'],
 'data_breach': {'data_encryption': True},
 'date_detected': '2023-08-24',
 'date_resolved': '2024-05',
 'description': 'A nearly year-long recovery effort following a widespread '
                'ransomware incident in August 2023 has come to a close in the '
                'state of Nevada. The state government announced that it has '
                'restored all affected systems and completed remediation '
                'efforts following an attack that disrupted operations across '
                '60 state agencies. The incident paralyzed several core '
                'services, including those related to health, public safety, '
                'and governmental operations.',
 'impact': {'downtime': '~9 months (August 2023 - May 2024)',
            'operational_impact': ['delay/denial of citizen services',
                                   'suspension of medical and criminal records '
                                   'platforms',
                                   'limited inter-agency communications'],
            'systems_affected': ['health services',
                                 'public safety systems',
                                 'governmental operations',
                                 'medical records platforms',
                                 'criminal records platforms',
                                 'inter-agency communications']},
 'initial_access_broker': {'high_value_targets': ['health services',
                                                  'public safety systems',
                                                  'administrative functions']},
 'investigation_status': 'completed',
 'lessons_learned': ['Importance of coordinated incident response plans',
                     'Need for redundant and secure backup strategies',
                     'Value of cross-agency visibility via logging/alerting '
                     'systems',
                     'Critical role of routine penetration testing and '
                     'red-teaming',
                     'Effectiveness of shared-service cybersecurity models for '
                     'state/local governments'],
 'post_incident_analysis': {'corrective_actions': ['Modernization of '
                                                   'cybersecurity architecture '
                                                   '(Zero Trust)',
                                                   'State-wide employee '
                                                   'training on '
                                                   'ransomware/phishing',
                                                   'Implementation of MFA and '
                                                   'SIEM tools',
                                                   'Enhanced cloud-based '
                                                   'disaster recovery',
                                                   'Network segmentation and '
                                                   'access management '
                                                   'reforms']},
 'ransomware': {'data_encryption': True},
 'recommendations': ['Adopt Zero Trust architecture frameworks',
                     'Implement multi-factor authentication (MFA) universally',
                     'Deploy centralized SIEM tools for threat detection',
                     'Establish cloud-based disaster recovery configurations',
                     'Conduct state-wide employee cybersecurity training '
                     '(e.g., ransomware/phishing awareness)',
                     'Enhance logging and data retention policies for forensic '
                     'readiness',
                     'Invest in network segmentation to limit blast radius of '
                     'future attacks'],
 'references': [{'source': 'Nevada Office of Information Security (OIS) public '
                           'statements'},
                {'source': 'Cybersecurity and Infrastructure Security Agency '
                           '(CISA) advisory'}],
 'response': {'communication_strategy': ['regular public updates to maintain '
                                         'transparency',
                                         'phased restoration announcements for '
                                         'critical services'],
              'containment_measures': ['complete disconnection of infected '
                                       'systems to prevent lateral movement',
                                       'deployment of endpoint detection and '
                                       'response (EDR) tools across all '
                                       'endpoints'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'network_segmentation': True,
              'recovery_measures': ['modernization of cybersecurity '
                                    'architecture (Zero Trust framework)',
                                    'multi-factor authentication (MFA) '
                                    'mandates for all internal logins',
                                    'centralized Security Information and '
                                    'Event Management (SIEM) tools',
                                    'cloud-based continuity and disaster '
                                    'recovery configurations',
                                    'enhanced logging and data retention '
                                    'policies'],
              'remediation_measures': ['restoration of secure backups from '
                                       'clean images',
                                       'implementation of network segmentation',
                                       'strengthening identity and access '
                                       'management'],
              'third_party_assistance': ['Cybersecurity and Infrastructure '
                                         'Security Agency (CISA)',
                                         'Federal Bureau of Investigation '
                                         '(FBI)']},
 'stakeholder_advisories': ['Regular public updates during recovery',
                            'Transparency reports on service restoration '
                            'milestones'],
 'title': 'Nevada State Government Ransomware Attack (August 2023)',
 'type': 'ransomware'}