According to an official document newly released by the Nevada office responsible for the state’s technology infrastructure, Nevada’s state systems sat unknowingly compromised for three months before officials noticed a major ransomware attack and flagged it up in August.
The Governor’s Technology Office’s (GTO) after-action report details an almost month-long recovery from the August cyberattack that temporarily shuttered many state government services.
According to the GTO, the infiltration “began as early as May 14 when a state employee unknowingly downloaded malware.”
meticulously cleared event logs to obscure their activities”
The perpetrators compromised a password vault server to harvest credentials from 26 accounts, while they also “meticulously cleared event logs to obscure their activities,” so as to stay hidden for months, according to Fox5.
The GTO stated that despite the attacker later deploying ransomware, “no ransom was paid.” State officials successfully recovered around 90% of the data impacted by the attack, the financial cost of which was approximately $1.3m plus more than $210,000 in overtime costs.
The report shows only one document containing personal information was accessed, there was no evidence of any state data taken or leaked, and only one ex-state employee was warned of potential information exposure. GTO Chief Information Officer Timothy Galluzi, meanwhile, used the report to praise “Nevada’s technical capabilities.”
