You might find this hard to believe, but hackers gained access to Nevada's government computers and locked them down using ransomware. That's the same type of attack that locks your files and demands money for their release.
Here, I'm going to talk about what really happened and what can we learn.
What Really Happened
It all started in May 2025 when a state employee downloaded what they thought was a safe tool. It wasn't. It was a fake system tool that hackers had put online. Have you ever clicked on the first link in Google, thinking it was fine? That is essentially what happened here.

Once downloaded, the fake tool gave the hackers an undetected backdoor into the state of Nevada's systems - they could get in whenever they wanted.
This is what happened next:
• June: The antivirus flagged the downloaded fake tool, but the hackers still had access.
• August: The hackers moved deeper into the system and located the password vault, then deleted the electronic access security logs so no one would be able to trace them that way.
• Then the hackers deleted the backups (the safety copies of critical and valuable files) from all of the government systems and computers, and encrypted the servers and machines.
Essentially, the hackers locked up all of the government computers, and no one could use them.
Why This Cyberattack Got Noticed
This attack was no small matter. It affected over 60 state government agencies, disabling websites, phones, and public services.

The interesting thing is that the state did not conceal it. They issued an official report outlining the attack, how the attackers did it, the response, and so on. This is extraordinary when we think about how much we can learn from such official reports.
Interestingly, the attackers did not claim responsibility or make a public ransom demand. That is strange, right? Perhaps it was just a test run (to see how much havoc they could create), or it was a "quiet job".
What Nevada Did After the Attack
After the attack, the state government went into full recovery mode. Here's what they had to do:
• They turned on overtime - their own IT group logged over 4,000 hours cleaning up the system.
• They brought in outside resources like Microsoft and Mandiant (approximately a $1.3 million incident).
• They "cleaned" their system - they deleted old user accounts, reset all passwords, removed non-working conditions, and put additional external controls and monitoring in place.
And their goal? To make sure this type of attack never happens again!
What We Can Learn
Now, here's what all of us should take away:
- Always check software before you download it. Phony websites are very convincing!
- Backups are important; just make sure a hacker cannot delete them.
- Security updates and strong passwords are boring, but they are a real advantage and defence.
- Sharing mistakes benefits everyone. Nevada's openness about what happened is a lesson for everyone else.