Nevada has faced a 300% increase in cyberattack attempts on its websites since a ransomware attack in August knocked several state websites offline and downed several digital services, Gov. Joe Lombardo said in a press briefing Friday.
The uptick in attempts, Lombardo said at a press briefing in Las Vegas, totaled about 150 million hits to the state’s firewalls in the 72 hours following the first press conference discussing the attack, which was first detected on Aug. 24 and initially identified by state officials as a “security incident.”
Despite this, Lombardo said that the state has restored about 90% of its public-facing websites and services following the ransomware attack, with hopes to bring some of the remaining sites and digital services online over the weekend.
The increased attempted cyberattacks, which Lombardo said came in the form of phishing attempts to gather state system credentials, followed news about the state conducting a statewide password reset for all employees. Lombardo said the reset was performed as a defensive control to cut off any compromised credentials, and since then, nearly all employees have regained access to their systems.
“After new stories about the password resets went live, we began to receive reports of phishing attempts attempting to capture state credentials in real time. Thanks to the heightened awareness from our state employees, these attempts were quickly identified and thwarted as another example of how sensitive these public announcements are,” he said. “For context, the state normally would face approximately 150,000 hits a day. The state has faced over 300% increase in direct attack attempts throughout the recovery operations.”
Lombardo was unable to offer details about technical elements of the attack, the identity of the attackers, or anything about the ongoing nature of the federal investigation. Additionally, it is still unclear what type or amount of state data was impacted in the attack. In an update provided on Aug. 27, Nevada Chief Information Officer Timothy Galluzi said it appeared as though perpetrators stole state data.
On Friday, Lombardo confirmed as much about the extrication, but said the state has still not uncovered evidence that any personally identifiable information of residents was compromised in the attack. He added that it appears affected data included data endemic to state processes, state inventory, and state databases, and that the state’s financial information and data were also not impacted.
“At this point in the recovery process, my team continues to balance transparency with operational security concerns. We are implementing stronger governance policies and controls across state government. The state has initiated identity-hardened processes, which include requiring a stronger minimum password standard and expanding multi-factor authentication so criminals cannot reuse the old login information that the employees used previously,” he said.
While the state still has several websites and services to get back online — such as the state’s sex offender registry and the system enabling the state’s gun dealers to conduct background checks using the FBI’s National Instant Criminal Background Check system — Lombardo said he was confident that some will be restored over the weekend, with certain sites prioritized for their public safety value.
“I think it’s important for people to realize 90% is monumental and the ability to provide to our constituents. At the DMV, which is the most common question presented, our most public-facing agency, Nevadans have been able to complete essential services in person since last week, such as registrations, title transfers and driver’s licenses tests and renewals. The DMV is now 100% back online,” he said.
“Nevada should know this: while we are not yet at the finish line, we’re moving there faster than expected,” Lombardo said. “We will continue to be transparent about what we can responsibly share.”
