
Nevada state government hit by ransomware attack

Incident
First reported
Last updated
Happening score
H score 39
2 unique sources, 2 articles

Summary


Nevada state government suffered a ransomware attack that disrupted core public services, including driver’s licenses, background checks, websites, phone systems, and other online platforms. The incident affected many state agencies and forced a lengthy recovery effort. The compromise began in May through a trojanized system administration tool that gave the attacker persistent access to state systems. Nevada later disclosed the intrusion after discovering it in August, said it did not pay a ransom, and reported recovery costs of at least $1.5 million.

Timeline

  1. 06.11.2025 21:02 1 article · 6mo ago

    State of Nevada initial access via trojanized system administration tool

    Exploitation Observed

    A State of Nevada employee searched Google for a system administration tool and was led by a malicious advertisement to a fraudulent website impersonating the legitimate project, where a trojanized utility installed a hidden backdoor and gave the attacker persistent remote access to the state’s internal network.

  2. 06.11.2025 21:02 1 article · 6mo ago

    Symantec Endpoint Protection quarantines malicious tool on State of Nevada workstation

    Detection IoC Update

    Symantec Endpoint Protection (SEP) identified, quarantined, and deleted the malicious tool from the infected workstation, but the persistence mechanism resisted removal and the attacker could still reach the environment.

  3. 06.11.2025 21:02 1 article · 6mo ago

    State of Nevada attacker installs commercial remote-monitoring software

    Exploitation Observed

    The attacker installed commercial remote-monitoring software on a system, enabling screen recording and keystroke logging against the State of Nevada environment.

  4. 06.11.2025 21:02 1 article · 6mo ago

    State of Nevada second commercial remote-monitoring infection

    Exploitation Observed

    Ten days after August 5, the same commercial remote-monitoring software was installed again, extending the attacker’s foothold in the affected environment.

  5. 06.11.2025 21:02 1 article · 6mo ago

    State of Nevada backup deletion and ransomware deployment

    Victim Impact Update

    The attacker authenticated to the backup server and deleted all backup volumes, logged into the virtualization management server as root to change security settings for unsigned code execution, and then deployed ransomware on all servers hosting the state’s virtual machines; the Governor’s Technology Office (GTO) detected the outage roughly 20 minutes later.

  6. 06.11.2025 21:02 2 articles · 6mo ago

    State of Nevada after-action report and recovery summary

    Initial Disclosure

    The State of Nevada published an after-action report describing how the breach began, how attackers moved through the network, and how the state restored services without paying a ransom, recovering 90% of the impacted data after 28 days and relying on overtime staff and external vendor support to bring websites, phone systems, and online platforms back online.

  7. 06.11.2025 13:54 1 article · 6mo ago

    Nevada state employee downloads malware-laced admin tool

    Exploitation Observed

    A Nevada state employee accidentally downloaded a malware-laced system administration tool that mimicked software commonly used by IT personnel, and investigators later found that the download installed a hidden backdoor that gave the attacker access to state systems.

  8. 06.11.2025 13:54 2 articles · 6mo ago

    Nevada after-action report discloses August discovery and recovery costs

    Initial Disclosure

    Nevada released an after-action report on November 6 that said the ransomware intrusion had been discovered in August, that state services including driver’s licenses and background checks were disrupted, that restoration took nearly a month, that the state did not pay ransom, and that recovery cost at least $1.5 million. The same report recommended a centrally-managed security operations center and endpoint detection and response to strengthen future defenses.
