Nevada ransomware attack started months before it was discovered, says report – WTOP News


LAS VEGAS (AP) — State employees were placed on paid administrative leave. Nevada residents were unable to receive their driver’s licenses. Employers were unable to conduct background checks on new hires. These were all fallout from a massive cyberattack in Nevada, which took almost a month to fully restore services.

The ransomware attack, while discovered in August, occurred back in May when a state employee accidentally downloaded malicious software, and it cost at least $1.5 million to fix, according to an after-action report the state released Wednesday.

“Nevada teams protected core services, paid our workers on time, and recovered quickly – without paying criminals,” Gov. Joe Lombardo said in a statement Wednesday announcing the report. “This is what disciplined planning, talented officials and strong partnerships deliver to Nevadans.”

The attack followed a long string of cybercrimes against states and municipalities in recent years.

In 2024, Georgia was the largest province hit by a cyberattack in which hackers shut down office phone lines and threatened to publicly release sensitive data they claimed to have stolen unless officials paid a ransom. The LockBit ransomware syndicate claimed credit in late January for the cyberattack that temporarily crippled government services in Fulton County.

Cybercriminals hacked Rhode Island’s system for health and benefits programs and released files to a dark web site in 2024.

The Colorado Department of Transportation’s computer network was the target of a ransomware attack in 2018 by two Iranian computer hackers, although no money was paid and no information was lost.

When Baltimore was hit by a ransomware attack in 2019 that crippled the city’s services for a month, it was estimated to cost at least $18.2 million. A year earlier, a ransomware attack destroyed Baltimore’s 911 system.

Nevada officials claim the state has not paid the ransom, the amount of which has not been disclosed. The attacker has not yet been identified and the incident remains under investigation.

The attack on Nevada was a “fairly large ransomware against a state,” said Gregory Moody, director of cybersecurity programs at UNLV. This attack was able to spread more quickly across the state because of the decentralized nature of Nevada’s cyber systems, he said.

Nevada’s response time was good compared to others, he said. It typically takes between seven and eight months to discover an attacker in a system, and Nevada officials caught him faster than usual, Moody said.

According to the report, the attack cost $4,212 in overtime — or about $211,000 in direct overtime — and $1.3 million in contractor assistance. According to the governor’s office, the $1.3 million was paid by the state’s cyber insurance policy.

The costs could have been much higher, Moody said. When a data breach targeted Las Vegas-based MGM Resorts in 2023, it was expected to cost the casino giant more than $100 million.

“I think they got lucky,” said Cameron Call, chief technology officer at Las Vegas-based cybersecurity firm Blue Paladin. “It sounds low compared to some; I don’t know if it takes into account the economic costs to the state of being in trouble for so long.”

On May 14, a state employee accidentally downloaded a systems management tool containing malware created to mimic a tool commonly used by IT staff, the after-action report found. That installed a hidden backdoor to give the attacker access, researchers at the cybersecurity firm Mandiant discovered.

In August, the attacker set up encrypted tunnels and used a remote desktop protocol to move through the state’s system and access the state’s password vault server.

The attacker created a zip file containing sensitive data, including personal information of a former state official, who was briefed, according to the report. Researchers have not found any data successfully extracted or published on any site.

The report includes steps the state is taking and recommendations to better protect the state in the future, such as creating a centrally managed security center and deploying Endpoint Detection and Response, a platform to improve threat detection.

However, cybersecurity experts say these are standard protocols that the state should have been implementing for years.

“The recommendations they put forward are certainly solid, but they have been best practice for a long time,” Call said.

Copyright © 2025 Associated Press. All rights reserved. This material may not be published, broadcast, written or redistributed.
