Nevada officials attributed the ransomware attack the state suffered in August to a state employee unknowingly downloading “a malware-laced system administration tool” from a fake website.
According to a report published on Nov. 6 by the Nevada Governor’s Technology Office (GTO), the cybersecurity breach disrupted state systems for approximately 28 days.
Tim Galluzi, Nevada’s state chief information officer (CIO), said the state identified the cyberattack on Sunday, Aug. 24. Galluzi’s team responded immediately, isolating and taking certain systems offline.
However, the report reveals that the threat actor had infiltrated the system as early as May 14, when the state employee downloaded the malware-laced tool.
The tool installed “a hidden backdoor,” according to the report, and the attacker “escalated their access by installing a commercial remote monitoring software” on several systems.
Following its discovery of the breach, the GTO led a structured response in coordination with the governor’s office, more than 60 state agencies, critical vendors, and federal partners.
Ultimately, the state restored statewide services and recovered approximately 90% of the impacted data. The remaining 10% of affected data, while still in the state’s control, “was not required to restore essential services and is being reviewed on a risk-basis,” according to the report.
“This incident underscores the importance of having a well-rehearsed incident response plan and trusted partnerships with legal and cybersecurity professionals,” the report says.
“The incident further highlighted the importance of robust cybersecurity measures and the value of preparedness, and the critical role of staff training and awareness in mitigating cyber risks,” it adds.