• Cyber Syrup
  • Posts
  • Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

Nevada state officials have confirmed that a ransomware attack was responsible for the days-long disruption of state systems and services

September 02, 2025

In partnership with

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

The Gold standard for AI news

AI keeps coming up at work, but you still don't get it?

That's exactly why 1M+ professionals working at Google, Meta, and OpenAI read Superhuman AI daily.

Here's what you get:

  • Daily AI news that matters for your career - Filtered from 1000s of sources so you know what affects your industry.

  • Step-by-step tutorials you can use immediately - Real prompts and workflows that solve actual business problems.

  • New AI tools tested and reviewed - We try everything to deliver tools that drive real results.

  • All in just 3 minutes a day

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

Nevada state officials have confirmed that a ransomware attack was responsible for the days-long disruption of state systems and services. The cyberattack occurred on Sunday and forced the closure of all state offices on Monday and Tuesday. Initial public reports only described the event as a “network security incident,” but officials clarified on Wednesday that ransomware was the cause.

Immediate Response

According to Tim Galluzi, Executive Director of the Governor’s Technology Office, Nevada immediately activated its cybersecurity incident response plan upon detecting the intrusion. The first priority was containing the threat, which required isolating affected systems and deliberately taking some offline to prevent further spread.

Galluzi also acknowledged that the attackers exfiltrated data from the state’s network. However, the type and scope of the stolen information remain unclear. He emphasized that if sensitive personal data was compromised, Nevada is prepared to notify and support affected citizens.

Role of Federal Agencies

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been assisting with the state’s response since Sunday evening. Acting CISA Director Madhu Gottumukkala described the incident as an example of real-time collaboration between state and federal authorities. CISA is prioritizing the restoration of lifesaving and critical services while rebuilding compromised systems.

Current Recovery Status

Four days after the attack, progress has been made, though many state services remain affected:

  • Restored Services: Some state offices have resumed in-person operations, and the Nevada Health Authority has restored Medicaid and benefits programs. The DMV’s website is back online.

  • Still Impacted: The Access Nevada portal remains unavailable, some phone lines are down, and the Child Care & Development Program cannot access files or certifications. Several DMV offices remained closed as of Wednesday.

  • Continuity of Operations: Emergency services and essential functions were not interrupted during the attack.

In some cases, agencies reverted to pen-and-paper operations to continue serving the public.

Broader Implications

The Nevada incident highlights the persistent threat ransomware poses to state and local governments. Beyond immediate service outages, such attacks risk exposing sensitive citizen data and disrupting critical infrastructure.

By involving federal partners like CISA and following structured incident response protocols, Nevada has demonstrated the importance of coordinated action. However, the event also underscores the ongoing need for proactive defenses, regular system testing, and secure recovery plans to minimize both disruption and risk to citizens in the face of evolving ransomware threats.