2025 Statewide Cyber Incident After-Action Report: Nevada's Resilient Recovery

Read 2025 Statewide Cyber Incident After-Action Report: Nevada's Resilient Recovery on RadioNOVO

2025 Statewide Cyber Incident After-Action Report: Nevada's Resilient Recovery

The Governor's Technology Office (GTO) has released the 2025 Statewide Cyber Incident After-Action Report, detailing Nevada's recovery from a ransomware attack in August. The state did not pay a ransom, restored services within four weeks, and recovered 90% of impacted data. Governor Joe Lombardo commended the disciplined planning, talented public servants, and strong partnerships that led to the successful recovery.

Nevada's teams protected core services, paid employees on time, and recovered quickly without giving in to the criminals' demands. State CIO Timothy D. Galluzi highlighted the coordinated efforts of staff, agency partners, and expert vendors in containing the threat, rebuilding securely, and bringing services back online in phases.

The state engaged pre-positioned experts for forensics, recovery, and legal/privacy support, including Mandiant, Microsoft DART, Dell, SHI/Palo Alto, BakerHostetler, and local engineering support from Aeris. The After-Action Report outlines plans for hardening and modernization, such as establishing a centrally managed Security Operations Center (SOC), implementing unified Endpoint Detection & Response (EDR), enhancing identity security, and expanding workforce training to combat evolving threats.

For more details, you can read the full report: After-Action Report – 2025 Statewide Cyber Incident (PDF). The Governor's Technology Office (GTO) is responsible for securing and modernizing statewide technology for the Executive Branch, ensuring resilient, citizen-centric services through collaborative governance, disciplined project delivery, and robust cybersecurity.