Nevada ransomware attack started months before it was discovered, per report
LAS VEGAS (AP) State workers were put on paid administrative leave. Nevada residents couldn't receive their driver's licenses. Employers were unable to conduct background checks on new hires. These were all effects of a massive cyberattack in Nevada that took nearly a month to fully restore its services.

The ransomware attack, though discovered in August, occurred as early as May, when a state employee mistakenly downloaded a malicious application, and cost at least million to recover, according to an after-action assessment the state distributed Wednesday.

"Nevada's teams protected core services, paid our employees on time, and recovered swiftly without paying criminals," Gov. Joe Lombardo noted Wednesday in a statement announcing the assessment. "This is what disciplined planning, talented community servants and strong partnerships deliver for Nevadans."

The attack came on the heels of a long series of cybercrimes against states and municipalities in recent years.

In Georgia's largest county was hit with a cyberattack where hackers shut down office phone lines and threatened to publicly release sensitive content they claimed to have stolen unless bureaucrats paid ransom. The ransomware syndicate LockBit took credit for the cyberattack in late January that temporarily crippled government services in Fulton County.

Cybercriminals hacked Rhode Island's system for health and benefits programs and published files to a site on the dark web in

The Colorado Department of Transportation's computer system was targeted in a ransomware attack in by two Iranian computer hackers, though no money was paid and no information was lost.

When Baltimore was hit in with a ransomware attack that crippled the city's services for a month, it was estimated to cost at least million. A year before, a ransomware attack slammed Baltimore's dispatch system.

Nevada officers maintain the state did not pay the ransom, the amount of which was not disclosed. The attacker has yet to be identified and the situation is still under assessment.

The attack against Nevada was a fairly large ransomware attack against a state, according to Gregory Moody, director of cybersecurity programs at UNLV. This attack was able to spread through the state more quickly because of the decentralized nature of Nevada's cyber systems, he commented.

Nevada's response time was good compared to others, he reported. It typically takes between seven and eight months to discover an attacker in a system, and Nevada bureaucrats caught it faster than is usual, Moody mentioned.

The attack cost in overtime hours, or about in direct overtime wages, and million for help from contractors, according to the summary. The million was paid for by the state's cyber insurance, according to the governor's office.

The cost could have been much higher, Moody declared. When a data breach targeted the Las Vegas-based MGM Resorts in it was expected to cost the casino giant more than million.

"I think they got lucky," noted Cameron Call, chief equipment officer at the Las Vegas-based cybersecurity company Blue Paladin. "It sounds low compared to chosen. I don't know that it's taking into account the economic cost for the state being down for as long as it was."

In May, a state employee accidentally downloaded a malware-laced system administration tool that was made to mimic a tool frequently accessed by IT personnel, according to the after-action analysis. That installed a hidden backdoor to give the attacker access, investigators with the cybersecurity firm Mandiant determined.

By August, the attacker established encrypted tunnels and used a remote desktop protocol to move across the state's system, gaining access to the state's password vault server.

The attacker created a zip file containing sensitive data, including personal information of one former state employee, who was notified, according to the overview. Investigators have not found evidence that it was successfully extracted or published on a site.

The document includes initiatives the state is taking and recommendations to better protect the state in the future, such as creating a centrally-managed defense operations center and deploying endpoint detection and response, a platform to improve threat detection.

Cybersecurity experts, however, say those are standard protocols that the state should have been doing for years.

"The recommendations that they put forward are definitely solid, but you know, they've been best practice for quite a while," Call commented.