๐ด Website ๐ https://u-s-news.com/
Telegram ๐ https://t.me/usnewscom_channel
The governorโs office did not directly respond to questions about additional details on the cyber attack, including what ransom was demanded by the attackers, and whether a ransom was paid by the state. (Photo: April Corbin Girnus/Nevada Current)
More than six weeks have passed since Gov. Joe Lombardoโs office announced the State of Nevada had been breached by cyberattackers and Nevadans are still in the dark about the scope of the damage done, or whether the state has paid a ransom.
Cybersecurity professionals say investigations of incidents of this scale will likely take months, so itโs expected that additional information is not available, but some worry information might be downplayed or delayed for political purposes.
On Aug. 24, the governorโs office announced a โcyber incident.โ All state agencies, including the Department of Motor Vehicles and social services offices, were physically shuttered for at least two days. All state agency websites were taken offline in what the governorโs office described as a proactive and precautionary measure.
For weeks: The agency that processes Medicaid, SNAP and TANF applications reverted to having new applicants fill out paper forms; mandatory background checks for firearms were unavailable, halting legal sales and transfers for anyone without a concealed carry permit;ย law enforcement databases containing information about criminal records and registered sex offenders wereย inaccessible; and businesses like car dealerships and smog check shops that use DMV databases experienced delays and issues.
Greg Moody, director of the cybersecurity program at UNLV, called it โthe largest state-focused attack in modern history.โ Others in the cybersecurity world have described it as an unprecedented attack.
On Sept. 12, the governorโs office announced that โ90%โ of public-facing state agency websites had been restored. Since then, the governor has provided no additional updates.
On Monday, the recovery update page set up by the state displayed a banner stating all state agency websites have been restored and the recovery page will no longer be updated. Itโs unclear when that banner went up, and the governorโs office did not directly respond to the Nevada Currentโs question asking when the last state website was restored.
โAll major constituent-facing services are back online, and Nevada is operational again,โ said Josh Meny, the governorโs press secretary, in an emailed statement. โOur agencies are diligently working to resolve any intermittent back-end issues, but the majority of these issues are not directly attributable to the cyber incident but are instead linked to other recent enhancements aimed at strengthening and securing our cyber environment.โ
Some specific features of agency websites may still be down, but no full accounting of that is publicly available. As Meny put it, โit may be challenging to precisely quantify the minor adjustments currently being implemented by agenciesโ but the state โis actively compiling an inventory of these efforts.โ
The governorโs office did not directly respond to questions about additional details on the cyber attack, including what ransom was demanded by the attackers, and whether that ransom was paid by the state.
โThe state remains committed to transparent communication and will share a final update once all efforts have been successfully completed,โ said Meny in the statement.
Moody from UNLV says itโs not surprising there hasnโt been additional information released. Nevada is working with the U.S. Department of Homeland Securityโs Cybersecurity and Infrastructure Security Agency and the FBI on the investigation, and one or both of those agencies is likely the lead, he says.
It takes a lot of time and effort to retrace electronic actions, says Moody, and investigators must preserve evidence for possible prosecution.
โIt makes the process go slower,โ he added.
Meny, for the governorโs office, emphasized that the state still โhas not seen evidence of any constituent PII (personally identifiable information) being compromised in this attack.โ
He added, โAs Governor Lombardo has previously said, if investigators eventually discover otherwise, the state will follow Nevadaโs strict statutes about personal data breaches by notifying any affected individuals promptly and providing resources to help protect them.โ
The state has previously said that data was exfiltrated โ meaning taken off the stateโs system and moved elsewhere. But it has not said what that data entailed.
Moody notes Nevada Revised Statute includes a strict definition for โpersonal information.โ To meet the definition, the data must include a full or partial name as well as another element, such as a driverโs license number or password information.
If the information was encrypted, it would not meet the state definition, he added, because thereโs โsome reasonable assuranceโ that attackers would not have access to it.
Moody says the attackers could have gotten information that does not meet the stateโs definition of personal identifiable information, or they could have been exploring how the stateโs centralized IT system is set up in hopes of replicating an attack elsewhere.
โWho knows,โ he said, โUntil we know the hacker and the motivation itโll be hard to know what they were looking for.โ
Lombardo in an earlier press conference has described the incident as a ransomware attack, and he has suggested the motivation was a financial ransom.
While some states have passed laws banning the paying of such ransoms, Nevada has no such law.
โThey could have cut a deal or paid a ransom,โ said Michael Leonard, a former IT professional and publisher of Mikeโs Reno Report whoโs been following the cyberattack. โโKeep quiet and weโll give you money.โโ
Leonard is critical of the lack of info, acknowledging that while the investigation must be taken into account, the state still needs โto come forward with enough information to ensure us theyโre investigating and credible.โ
He suspects the silence is as driven by politics as much as by the investigation itself.
โI would say itโs equal motivation,โ said Leonard. โTo protect the reputation of government officials and elected officials.โ
โThere are unanswered questions and we should be asking them,โ he added.
Lombardo is up for reelection next year and considered one of the most vulnerable governors in the nation. Candidate filing does not begin until March, but Attorney General Aaron Ford is currently considered the frontrunner to challenge him, though Ford faces a Democratic primary first.
Democratic legislative leaders expressed criticism of Lombardo in the days immediately after the cyberattack but have remained relatively quiet on the issue since.
Assembly Speaker Steve Yeager on Sept. 9 announced he would form a legislative working group on cybersecurity. His caucus did not respond to the Currentโs request Thursday for an update on that effort.
This content is courtesy of, and owned and copyrighted by, https://www.nevadacurrent.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.