The State of Nevada experienced a confirmed **ransomware attack** starting Sunday, leading to unauthorized exfiltration of state data. While the exact nature of the stolen data remains unclear—whether it includes sensitive personal, financial, or operational records—the attack disrupted critical digital infrastructure. Key systems, including the state’s primary website (**NV.gov**), numerous agency portals, and online public services, were taken offline as part of containment efforts, causing widespread operational disruptions. The incident response involved isolating affected systems to prevent further intrusion, with federal support from **CISA** aiding in network restoration and threat eradication. As of the latest update, no threat actor has claimed responsibility, and investigations are ongoing to determine if citizens' sensitive information was compromised. The attack’s broader implications—such as potential financial fraud, identity theft, or long-term reputational damage—remain unresolved, though officials emphasized a cautious, phased recovery to ensure security.
Source: https://statescoop.com/nevada-ransomware-attack-2025/
TPRM report: https://www.rankiteo.com/company/nv-gto
"id": "nv-637082925",
"linkid": "nv-gto",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'State citizens (potential '
'exposure of personal data, '
'though specifics unclear)',
'industry': 'Public Administration',
'location': 'Nevada, USA',
'name': 'State of Nevada',
'type': 'Government'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': 'Unconfirmed '
'(preparations in '
'place if PII was '
'compromised)',
'sensitivity_of_data': 'Undetermined (investigation ongoing; '
'potential for sensitive personal data '
'exposure)'},
'date_detected': '2023-10-XX (Sunday, exact date not specified)',
'date_publicly_disclosed': '2023-10-XX (Wednesday evening, exact date not '
'specified)',
'description': 'Nevada state officials confirmed a ransomware attack detected '
'on Sunday, resulting in unauthorized exfiltration of state '
'data. The attack disrupted multiple state web assets, '
'including NV.gov and agency sites, which were taken offline '
'as part of containment measures. The investigation is ongoing '
'to determine the type and scope of the stolen data. Federal '
'cyber partners, including CISA, are assisting in recovery '
'efforts.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'public disclosure of breach and '
'service outages',
'data_compromised': True,
'downtime': True,
'identity_theft_risk': 'Possible (if sensitive personal data was '
'compromised, though not yet confirmed)',
'operational_impact': 'Significant disruption to state operations '
'due to offline systems (e.g., NV.gov and '
'agency services)',
'systems_affected': ['State data center servers',
'NV.gov (main state website)',
'Multiple agency websites and online '
'services']},
'investigation_status': 'Ongoing (forensic investigation to determine scope '
'of data exfiltration)',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Nevada state press conference (Timothy Galluzi, '
'Chief Information Officer)'},
{'source': 'Cybersecurity and Infrastructure Security Agency '
'(CISA) statement'}],
'response': {'communication_strategy': ['Press conference by Nevada Chief '
'Information Officer Timothy Galluzi',
'Public acknowledgment of ongoing '
'investigation and uncertainty about '
'compromised data'],
'containment_measures': ['Isolation of affected systems',
'Taking systems offline to prevent '
'further intrusion'],
'incident_response_plan_activated': True,
'recovery_measures': ['Restoring networks for lifesaving and '
'critical services (with federal '
'assistance)',
'Rebuilding systems securely'],
'third_party_assistance': ['Federal cyber partners (e.g., '
'CISA)']},
'stakeholder_advisories': 'Public press conference; acknowledgment of '
'potential PII compromise and preparedness for next '
'steps',
'title': 'Nevada State Ransomware Attack and Data Exfiltration',
'type': 'Ransomware Attack / Data Breach'}