Nevada government declined to pay ransom
November 8, 2025
The Nevada government recovered from a ransomware attack in 28 days without paying a ransom, restoring 90% of the data. The cyberattack, which affected critical services and prompted increased cybersecurity measures, was traced back to an earlier breach through a compromised tool downloaded from a spoofed site.
The ransomware incident impacting Nevada's state government underscores the increasing sophistication of cyber threats targeting local governments. The attack highlighted vulnerabilities in state IT infrastructure, particularly to search engine optimization (SEO) poisoning, which illustrates the need for vigilance in verifying software sources. Following an infiltration as early as May 2025 via a spoofed website, attackers leveraged a malware-laden system tool that established a backdoor for further exploitation, allowing them to gain privileged access to sensitive systems.
From August 16 to 24, the cybercriminals moved laterally within the state's network, accessing and deleting backups and compromising critical data areas before deploying the ransomware. The event has bolstered discussions around the necessity of investing in advanced threat detection and cybersecurity training for personnel. Despite the immediate operational challenges, including service closures, the state's ability to restore payroll and core functionalities efficiently demonstrates effective crisis management amidst growing cyber threats.
Moreover, the FBI's assistance and the significant expenditure on recovery reflect the pattern of escalating costs associated with such cyber incidents, which can often spiral into millions, both in response efforts and reputational damage. The Nevada government's decision against paying the ransom signals a resolve to deter future cyber extortion, though concerns arise regarding the potential for retaliation or further attacks from the unidentified threat actor. Furthermore, ongoing cuts to federal cybersecurity resources, particularly within the Cybersecurity and Infrastructure Security Agency (CISA), critically strain support for state entities, thereby increasing vulnerability to persistent cyber challenges. The situation reflects a broader theme within the U.S. landscape, where multiple states are grappling with similar threats, necessitating a concerted effort to enhance local cybersecurity frameworks to withstand future incidents.