Nevada State Agencies Disrupted by Cyberattack
Summary
A ransomware attack on Nevada's government offices, initially detected on August 25, 2025, began as early as May 2025. The attack impacted more than 60 state government agencies and disrupted essential services, including websites, phone systems, and online platforms. The state recovered 90% of the impacted data without paying a ransom. The state has spent at least $1.5 million on recovery efforts and has implemented new cybersecurity measures to prevent future incidents. The incident prompted the state to warn residents about potential phishing attempts and to verify information from official sources. The state is collaborating with various partners to restore services and validate systems before returning them to normal operation. There is no evidence of personally identifiable information being compromised.
Timeline
-
06.11.2025 21:02 · 1 article
Nevada Recovers 90% of Impacted Data Without Paying Ransom
The state recovered 90% of the impacted data without paying a ransom. The Governor’s Technology Office (GTO) detected the outage roughly 20 minutes after the ransomware was deployed. State IT staff, paid overtime, restored the impacted systems and services.
Sources:
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
06.11.2025 13:54 · 2 articles
Nevada Implements New Cybersecurity Measures
The state has improved its cybersecurity defenses, including removing old or unnecessary accounts, resetting passwords, and reviewing system rules and permissions. These measures aim to enhance the state's defenses against future cyber threats.
Sources:
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
27.08.2025 22:59 · 3 articles
Nevada State Agencies Disrupted by Cyberattack
The ransomware attack began as early as May 2025 when a state employee mistakenly downloaded malicious software. The attack impacted more than 60 state government agencies and disrupted essential services, including websites, phone systems, and online platforms. The state recovered 90% of the impacted data without paying a ransom. The state has spent at least $1.5 million on recovery efforts and has implemented new cybersecurity measures to prevent future incidents.
Sources:
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
Information Snippets
-
The cyberattack was detected on Sunday, August 25, 2025.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state shut down some technology systems and in-person services for two days.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
Some state websites and phone lines were made unavailable due to the attack.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state is working with local, tribal, and federal partners to restore services.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
There is no evidence that personally identifiable information was compromised.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state has not disclosed technical details of the attack due to confidentiality laws.
First reported: 27.08.2025 22:59 · 2 sources, 2 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state is using temporary workarounds to maintain public access where feasible.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state warned residents to be cautious of unsolicited requests for personal information.
First reported: 27.08.2025 22:59 · 3 sources, 3 articles
- Nevada's State Agencies Shutter in Wake of Cyberattack — www.darkreading.com — 27.08.2025 22:59
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The ransomware attack began as early as May 2025 when a state employee mistakenly downloaded malicious software.
First reported: 06.11.2025 13:54 · 2 sources, 2 articles
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
Recovery from the attack cost at least $1.5 million, including $211,000 in overtime wages and $1.3 million for contractor assistance, covered by the state's cyber insurance.
First reported: 06.11.2025 13:54 · 2 sources, 2 articles
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attack was discovered faster than typical, within about three months, due to the decentralized nature of Nevada’s cyber systems.
First reported: 06.11.2025 13:54 · 1 source, 1 article
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
-
The attacker created a zip file containing sensitive data, including personal information of one former state employee, but there is no evidence that the data was successfully extracted or published.
First reported: 06.11.2025 13:54 · 2 sources, 2 articles
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state is implementing recommendations to improve cybersecurity, such as creating a centrally-managed security operations center and deploying endpoint detection and response.
First reported: 06.11.2025 13:54 · 2 sources, 2 articles
- Nevada Ransomware Attack Started Months Before It Was Discovered, Per Report — www.securityweek.com — 06.11.2025 13:54
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The ransomware attack impacted more than 60 state government agencies and disrupted essential services, including websites, phone systems, and online platforms.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state recovered 90% of the impacted data without paying a ransom.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The initial compromise occurred on May 14, 2025, when a state employee downloaded a trojanized version of a system administration tool from a fraudulent website.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attacker used commercial remote-monitoring software to perform screen recording and keystroke logging.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attacker deployed a custom, encrypted network tunnel tool to bypass security controls and established RDP sessions across multiple systems.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attacker accessed 26,408 files across multiple systems and prepared a six-part .ZIP archive with sensitive information.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attacker authenticated to the backup server and deleted all backup volumes to disable recovery potential.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The attacker logged into the virtualization management server as root to modify security settings to allow the execution of unsigned code.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The Governor’s Technology Office (GTO) detected the outage roughly 20 minutes after the ransomware was deployed.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
State IT staff, paid overtime, restored the impacted systems and services.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The cost for external vendor support during the incident response period amounted to over $1.3 million.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
-
The state has improved its cybersecurity defenses, including removing old or unnecessary accounts, resetting passwords, and reviewing system rules and permissions.
First reported: 06.11.2025 21:02 · 1 source, 1 article
- How a ransomware gang encrypted Nevada government's systems — www.bleepingcomputer.com — 06.11.2025 21:02
Similar Happenings
Apache OpenOffice denies Akira ransomware breach claims
The Apache Software Foundation has denied claims by the Akira ransomware group that it suffered a data breach. The ransomware group claimed to have stolen 23 GB of data, including employee and financial information, from Apache OpenOffice. The foundation asserts it does not possess the types of data claimed to have been stolen and has found no evidence of a breach. The Akira ransomware gang claimed the breach on October 30, 2025, but the Apache Software Foundation has not received any ransom demands and has not found any evidence of a breach. The foundation has not contacted law enforcement or cybersecurity experts regarding the alleged breach.
Merkle Breach Exposes Employee and Client Data
Merkle, a US-based subsidiary of Dentsu, experienced a cyberattack resulting in the theft of sensitive employee and client data. The breach was detected through unusual network activity, prompting an incident response and investigation. The stolen data includes bank details, payroll information, and personal contact details. Merkle has notified affected individuals and law enforcement, and is offering credit monitoring and Dark Web monitoring to impacted employees. The nature of the attack remains unknown, but it may involve data extortion or ransomware. The incident highlights the ongoing threat of data theft and the importance of robust incident response protocols.
Akira Ransomware Group Disables KNP Logistics Group with Weak Password Exploit
The Akira ransomware group successfully breached KNP Logistics Group (formerly Knights of Old) in June 2025. The attackers exploited a weak employee password to gain access to the company's internet-facing systems. Once inside, they deployed ransomware, encrypted critical data, and destroyed backups, leading to the company's collapse. The incident resulted in the loss of 700 jobs and significant economic impact in Northamptonshire. The attack underscores the critical importance of strong password policies and multi-factor authentication (MFA) in preventing ransomware attacks. The breach highlights the persistent risk posed by weak passwords, with 45% of compromised passwords crackable within a minute. The attack also demonstrates the broader consequences of ransomware attacks, including job losses and economic disruption.
KillSec Ransomware Attack on Brazilian Healthcare Software Provider MedicSolution
The KillSec ransomware group has attacked MedicSolution, a Brazilian healthcare software provider. The attack resulted in the exfiltration of over 34GB of sensitive healthcare data, including lab results, X-rays, and patient records. The data was stolen from insecure AWS S3 buckets, exposing the information of over 94,000 files. The breach occurred over several months, and the group is threatening to leak the data unless a ransom is paid. The attack impacts numerous healthcare organizations and patients whose data is managed by MedicSolution. The group has also targeted healthcare institutions in the US, Peru, and Colombia. The attack highlights the risks associated with supply chain vulnerabilities and the need for robust cybersecurity measures.
Wayne Memorial Hospital Ransomware Attack Affects 160,000 Individuals
Wayne Memorial Hospital (WMH) in Georgia has disclosed a ransomware attack that compromised the personal and medical information of over 160,000 individuals. The breach occurred between May 30 and June 3, 2024, and involved the encryption of hospital systems and the theft of sensitive data. The hospital identified the incident on June 3, 2024, and has since taken steps to secure its network and notify affected individuals. The compromised data includes names, dates of birth, Social Security numbers, medical history, and prescription details. The hospital has engaged legal counsel and cybersecurity professionals to investigate the attack and has provided affected individuals with 12 months of free credit monitoring and identity theft protection services.