Nevada Expands Zero Trust and Identity Modernization After Ransomware Attack

Tags: zero trust, ransomware, identity modernization, identity management, resilience
Updated March 17, 2026 at 09:10 AM | 2 sources

Nevada officials said a major ransomware attack prompted the state to accelerate cybersecurity and digital modernization efforts, with State CIO Tim Galluzi framing the incident as proof that resilience, workforce readiness, and governance must be built into daily operations rather than treated as one-time projects. The state subsequently secured unanimous legislative support and backing from the governor to invest in new cybersecurity tools and infrastructure intended to better protect resident data and critical government systems.

Nevada's response emphasizes zero trust architecture, stronger identity and access management, and broader cross-agency coordination as part of a longer-term modernization strategy. Galluzi described identity as the "new firewall" in an environment where employees, partners, and residents increasingly access systems remotely, and he also highlighted workforce training as a core defensive measure alongside technology upgrades and improved service delivery.

Sources

March 16, 2026 at 12:00 AM
March 16, 2026 at 12:00 AM

Related Stories

Nevada Adopts Statewide Data Classification Policy After Disruptive Cyberattack

Nevada’s Governor’s Technology Office introduced a **statewide data classification policy** intended to standardize how state agencies label and protect information following a **major cyberattack** that disrupted government systems for weeks. The framework establishes four sensitivity tiers—**public**, **sensitive**, **confidential**, and **restricted**—and directs agencies to choose the more restrictive category when classification is unclear, aiming to prevent inconsistent handling of private versus public data and to create a common baseline for interagency data sharing. State officials and lawmakers described the policy as a foundational step for broader cybersecurity improvements in the wake of the incident, alongside initiatives such as expanding **multifactor authentication**, standing up a new **Security Operations Center (SOC)**, and forming a legislative working group to guide future security measures. The policy is positioned as a standardization and resilience measure and does **not** change Nevada’s public records law, under which records are presumed public unless specific confidentiality provisions apply.

1 month ago

Ransomware Attack on Nevada State Government via Malicious Admin Tool

A ransomware attack on the Nevada state government was enabled by a state employee's accidental download of a trojanized system administration tool from a fraudulent website in May. The attackers established a backdoor, conducted lateral movement, and infiltrated the state's password vault server over several months. By August, they had exfiltrated sensitive data, deleted backup volumes, and deployed ransomware, disrupting services at more than 60 state agencies, including health benefits, public safety records, and DMV operations. The incident forced critical systems offline for up to 28 days, with recovery efforts requiring a full rebuild of Active Directory and significant overtime from IT staff. The state did not pay a ransom, and most recovery costs were covered by cyberinsurance, totaling at least $1.5 million. The after-action report from Nevada's technology office highlighted the attacker's use of search ads to distribute malware disguised as legitimate admin tools, a growing trend in initial access techniques. Despite the extensive impact, Nevada was commended for its accelerated response and transparency in reporting, restoring 90% of impacted data within a month. The incident underscores the risks of supply chain and user-driven compromises, as well as the importance of robust detection, backup, and identity management practices in defending against sophisticated ransomware campaigns targeting government infrastructure.

4 months ago

Ransomware Negotiation and Enterprise Resilience Guidance

Reporting highlighted the **moral, legal, and operational risks of ransomware negotiation**, noting that payment brokering often occurs with limited transparency and few industry standards or accountability mechanisms. The discussion was sharpened by the case of two former incident responders—**Ryan Clifford Goldberg** and **Kevin Tyler Martin**—who pleaded guilty to participating in ransomware attacks while working in the incident response ecosystem, underscoring insider-risk and conflict-of-interest concerns in the negotiation and response market. Separate explainers reinforced that ransomware remains a high-impact, financially motivated threat: attackers commonly **encrypt systems, steal data, and threaten leaks** to increase pressure on victims, with critical services (healthcare, power, transport, finance) particularly exposed due to the cost of downtime. Executive-focused guidance emphasized shifting from “prevention-only” to **resilience**, describing a typical multi-stage playbook (initial access via phishing/exposed remote services/third parties; privilege escalation and AD compromise; lateral movement into backups and core infrastructure; exfiltration; encryption and recovery sabotage) and calling out common failure points such as weak identity governance, flat networks, and untested or accessible backups.

1 month ago
