Nevada on Wednesday confirmed that the days-long disruption to state systems and services was caused by a ransomware attack.
The incident, disclosed on Monday morning as a network security incident, occurred on Sunday, and forced Nevada to close all state offices on Monday and Tuesday.
During a press conference on Wednesday, the state’s officials publicly confirmed that a “sophisticated ransomware attack” was the cause of the disruptions.
“Upon detection, we immediately activated our established cybersecurity incident response plan,” Tim Galluzi, Executive Director of the Governor’s Technology Office, said.
“Our first and most critical step was to contain the threat. To that end, we have taken deliberate and targeted actions, which have included isolating and taking certain systems offline,” he added.
Galluzi also revealed that the hackers exfiltrated data from the state’s network, but said it is too early to identify or classify the data that was stolen.
“Should we determine that any sensitive personal information of our citizens was compromised, we are prepared to follow the appropriate steps,” Galluzi said.
He noted that Nevada is focused on securely restoring its systems, and that forensic experts and law enforcement have been working around the clock to respond to the incident.
The US cybersecurity agency CISA has been involved in the response operations since Sunday evening, prioritizing the restoration of networks for lifesaving and critical services and rebuilding affected systems.
“CISA is fully committed to providing cybersecurity services and expertise to the state of Nevada as long as necessary. This unified response is an example of operational collaboration in real time,” acting CISA director Madhu Gottumukkala said.
Four days after the hackers hit the state’s network, certain state offices have resumed working with the public, some Nevada state’s departments have reverted to pen and paper operations to serve the public, and the Nevada Health Authority has restored some of its operations, including Medicaid and the benefits program.
However, the Access Nevada application portal remains inaccessible, certain phone lines are down, the Child Care & Development Program cannot access case files or certifications, and DMV offices were closed on Wednesday, although its website has been restored.
Emergency services and essential operations have remained available throughout the outage. Additional information can be found on this recovery status page.
Related: PromptLock: First AI-Powered Ransomware Emerges
Related:WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Say
