Nevada officials have confirmed that the recent, days-long disruption of state services was the result of a ransomware attack that forced office closures, interrupted public services, and led to data theft.

The cyberattack, first disclosed on Monday as a “network security incident,” actually took place on Sunday. As a precaution, the state ordered the closure of all government offices on both Monday and Tuesday.

During a press briefing, state leaders described the incident as a “sophisticated ransomware attack” and outlined the immediate measures taken to respond.

“Upon discovery, we activated our cybersecurity incident response plan,” said Tim Galluzi, Executive Director of the Governor’s Technology Office. “Our first priority was containment, which included isolating impacted systems and taking certain networks offline.”

Galluzi also confirmed that the attackers successfully exfiltrated data from Nevada’s systems. However, it is still too early to determine exactly what information was stolen. Authorities emphasized that, if sensitive personal data is confirmed to be compromised, proper protocols will be followed to notify and protect affected individuals.

In the meantime, Nevada’s efforts are focused on restoring systems safely. Cybersecurity experts, forensic investigators, and law enforcement agencies are working around the clock to contain the threat and bring services back online.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been assisting the state since Sunday evening, prioritizing the recovery of networks tied to critical public services. Acting CISA Director Madhu Gottumukkala underscored the importance of the joint effort:

“CISA is fully committed to supporting Nevada for as long as necessary. This coordinated response highlights the power of real-time collaboration.”

Four days after the initial breach, some state operations have resumed, though challenges remain. Certain departments are relying on manual, pen-and-paper processes, while the Nevada Health Authority has successfully restored programs such as Medicaid and benefits distribution.

Still, disruptions continue: the Access Nevada portal remains offline, specific phone systems are down, and the Child Care & Development Program is unable to access case files. DMV offices also stayed closed midweek, though online services are back online.

Despite the outage, emergency services and other essential functions remained operational throughout the incident. Updates on the state’s recovery progress continue to be shared via an official recovery status page.

Source: https://www.securityweek.com/nevada-confirms-ransomware-attack-behind-statewide-service-disruptions