Report: Nevada breached months before ransomware attack discovery

The major ransomware attack against Nevada discovered in late August has been underway since May, The Associated Press reports.

Injection of a clandestine backdoor facilitated by a Nevada state employee's accidental download of a malicious system admin tool on May 14 allowed threat actors to create encrypted tunnels, conduct lateral movement, and infiltrate the state's password vault server by August, according to a post-mortem report from the state.

Attackers then exfiltrated sensitive data to a ZIP file but additional investigation into the exposed information is still underway. Recovering from such a significant cyber incident has cost the state at least $1.5 million, most of which was covered by cyberinsurance, said officials, who emphasized that no ransom demand has been paid as part of the restoration process.

Meanwhile, Nevada was hailed by University of Nevada, Las Vegas Director of Cybersecurity Programs Gregory Moody for having accelerated response times considering the extent of the intrusion.