The Nevada state government is grappling with a ransomware attack that has severely affected nearly all state functions and compromised an unspecified amount of personal data.
Governor Joe Lombardo disclosed that government offices were shut down, along with online services, to prevent further breach following the network security incident. State Chief Information Officer Tim Galluzi later confirmed the involvement of ransomware in the attack.
Multiple state services have ceased operations, including the closure of various offices like the DMV. The attack also impacted the state’s payment capabilities to contractors and vendors. A local TV station reported that the Aging and Disability Services Division informed vendors that “state payment systems are not functioning.” Businesses with clients using Medicaid are facing payment delays.
Insufficient Details Shared
State officials did not disclose whether a ransom was demanded or why the state was targeted. Nevada law prohibits the disclosure of technical details to safeguard public safety.
Officials also lacked a timeline for restoring state services. In his latest statement, Galluzi acknowledged residents’ frustration over inaccessible services, noting that system recovery is “a meticulous process.”
Consequently, the governor’s office cautioned Nevadans to be wary of unsolicited financial requests via phone or email, as they could arise from stolen information. The message emphasized, “The State will not ask for your password or bank details by phone or email,” and urged residents to verify information on official state websites.
Government Targets for Ransomware
Ransomware attacks on local governments are increasingly frequent. The
city of Columbus
experienced a major ransomware attack last year, prompting Ohio to mandate cybersecurity programs for all government agencies. Services in St. Paul, Minnesota, and Fulton County, Georgia, have also been temporarily halted by similar attacks.
“Smaller municipalities and utilities are frequent targets of ransomware, often initiated through phishing,” explained
Tracy Goldberg
, Director of Cybersecurity at Javelin Strategy & Research. “DNS blocking and anti-phishing education are crucial initial steps, but entities must also rely on dark web threat intelligence to identify specific malware strains and the associated risks.”