CARSON CITY, NV – Nevada state officials successfully navigated a meaningful cyberattack in early September, refusing to pay a ransom demand and recovering approximately 90% of impacted data within 28 days, according to a newly released After-Action Report (AAR). The incident, impacting multiple state agencies, prompted a rapid response involving state employees working around the clock alongside specialized partners.
The attack, first detected September 2nd, led to the engagement of cybersecurity experts from firms including Mandiant, microsoft DART, Dell, SHI/Palo Alto, and BakerHostetler, utilizing existing cyber-insurance and statewide contracts. A total of $1,314,200 was obligated to these specialized partners for forensics, recovery, and legal support.
State employees logged 4,212 overtime hours, totaling $210,599.87 in direct overtime wages (estimated fully-loaded cost: $259,037.84). Officials emphasized this in-house approach saved potentially hundreds of thousands of dollars compared to relying solely on external contractors, while preserving institutional knowledge and maintaining tighter control over the recovery process.
Critical payroll systems were maintained on schedule, and high-impact public safety and citizen-facing systems were restored in phases. the AAR highlights the state’s adherence to pre-established 24/7 playbooks as key to the swift restoration.
Looking ahead, the Governor’s Technology Office (GTO) plans to pursue a centrally managed Security Operations Center (SOC), unified Endpoint Detection & Response (EDR), identity hardening, OS and request control, and expanded workforce training to bolster long-term cybersecurity resilience.
The full After-Action Report is available at http://it.nv.gov/uploadedFiles/itnewnvgov/content/Governance/GTO%20Statewide%20Cyber%20Event%20AAR%20Final.pdf.
