Rare Cyberattack on Nevada Government: What is Ransomware and What Are They Doing About It?

Ransomware is malicious software that hackers sneak into computer systems, locking files to render them inaccessible and demanding payment for their release. Hackers typically gain entry through phishing emails, weak passwords, or software vulnerabilities, and in high-profile targets like corporations or governments, they frequently steal sensitive data to ramp up the extortion pressure. Currently, Nevada's state government is battling a severe ransomware attack that struck on August 24, suspending services including the DMV, Medicaid, and welfare programs. The breach has closed numerous offices or forced services to revert to manual and paper-based methods.

Governor Joe Lombardo (R) announced that response teams, supported by CISA, are diligently restoring systems, with full recovery expected to take weeks to ensure robust security. A temporary recovery page has been established to provide updates. The Governor's Technology Office and its Office of Information Security and Cyber Defense, led by the State’s Chief Information Officer Timothy Galluzi and Deputy Director Adam Miller, are managing Nevada’s cybersecurity strategy and incident response. "Our goal is to restore full functionality as quickly as possible, but we have a duty to do so safely and securely," said Galluzi.

Since 2018, ransomware attacks on U.S. government entities have inflicted over $1.09 billion in estimated downtime costs on cities and states. Among the most notable ransomware attacks on U.S. governments, the 2018 SamSam assault on Atlanta stands out for harming essential municipal services such as online payments and court operations, ultimately costing the city over $17 million in recovery efforts despite refusing to pay the ransom. The following year, Baltimore endured a RobbinHood ransomware attack that encrypted city systems, stalling real estate transactions and billing processes, with cleanup expenses totaling $18.2 million and no ransom disbursed. In 2023, Oakland, California, was targeted by the Play ransomware group, which disrupted IT networks and emergency services, leading to a state of emergency declaration and the eventual leak of stolen personal and financial data on the dark web. These cases illustrate the profound financial burdens, operational paralysis, and long-term vulnerabilities that cyberattacks impose on governments.

Cyberattacks on Nevada's state and local governments have been relatively infrequent compared to other states. Notable local examples include a 2020 cyberattack on the City of Las Vegas's municipal network, which was detected early and mitigated without significant damage, and a 2021 ransomware attack on the Washoe Tribe of Nevada. The ongoing statewide ransomware breach marks a notable escalation, standing as the most severe on record for Nevada's government systems. This event aligns with a nationwide uptick in ransomware assaults on public entities, which frequently lack strong cybersecurity measures owing to budgetary limitations.

Nevada is actively responding to the recent cyberattack, prompting heightened focus on cybersecurity improvements. Residents are encouraged to stay vigilant for identity theft risks, and officials recommend that governments strengthen system patches and backups to prevent future incidents.