A cyber attack has severely disrupted state services in Nevada, forcing the state government to close down offices on Monday, September 25.
State government officials stated that the state technology office detected a network security issue on early Sunday morning, which disrupted various systems, including phone lines, online systems, and websites.
It responded by immediately initiating recovery plans and launching an investigation to determine the nature and scope of the cybersecurity incident.
“On early Sunday morning, the State of Nevada identified a network security incident and immediately engaged in 24/7 recovery efforts. The matter is under active investigation,” Gov. Lambardo’s Press Office posted on X.
Nevada cyber attack disrupts state services, closes offices, and leaks personal data
The cyber attack resulted in the closure of all government offices, leaving residents without the necessary state services. However, many state employees reported on Tuesday as various services began coming back online.
The cyber attack also did not impact emergency 911 services, which remained fully operational, ensuring no loss of human life due to a cyber incident.
Meanwhile, efforts to restore the impacted systems are also ongoing, although the government has not provided the expected date of resolution.
However, Nevada is focused on validating all impacted systems before restoration to eradicate the threat, suggesting that recovery would take longer than previously expected.
“The State is focused on restoring services safely and validating systems before returning them to normal operation,” officials stated.
So far, Nevada has not disclosed the nature of the cyber incident, although the prolonged disruptions and cautious recovery efforts suggest that ransomware was deployed.
The state has also not disclosed the vector that the threat actors exploited during the cyber attack. However, targeted phishing (spear phishing), system and cloud misconfigurations, the exploitation of unpatched security vulnerabilities, and compromised credentials are among the leading causes of data breaches.
Previously, the Governor’s office assessed that no evidence suggested that the cyber attack resulted in the exfiltration of personal information. However, Nevada’s state chief information officer, Tim Galluzi, later told reporters that personal data was likely copied from the corporate network.
“I must disclose that our ongoing forensic investigation has found evidence that indicates some data has been exfiltrated, or moved outside the state network, by the malicious actors,” Galluzi said.
However, the state was still trying to determine the specific nature of the compromised personal information.
“The attack comes one day after a cyberattack in Maryland disrupted state transportation services,” said Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka. “Nevada residents are being advised to be cautious of scams, and to never share any personal or financial information over phone or email.”
Threat actors unknown
Currently, no cybercrime gang has taken responsibility for the apparent ransomware attack, and the state has also not disclosed receiving any ransom demands.
However, targeting of federal and state services is usually conducted by state-sponsored threat actors and hacktivists seeking to achieve a specific political or geopolitical objective.
While Nevada wishes to promptly restore the impacted state services, paying a ransom was unlikely. Subsequently, the threat actors must monetize their access by selling the stolen data to other cybercriminals or exploiting it to target the victims.
Meanwhile, federal, local, and tribal government agencies are assisting Nevada in responding to the cyber attack and restoring impacted state services.
Government units are attractive targets of state-sponsored and financially motivated threat actors. In July 2025, the City of St. Paul, Minnesota, suffered an apparent ransomware attack, forcing Gov. Tim Walz to activate the National Guard Cyber Unit.
“Cyberattacks on state systems can have destabilizing impacts, extending beyond temporary service disruptions,” Sood concluded.
