Gov. Joe Lombardo provides an update on the cyber attack. (Photo: April Corbin Girnus/Nevada Current)
Investigators know the breadth of the recent cyber attack against the State of Nevada and still believe no personally identifiable information was compromised, Gov. Joe Lombardo said at a Friday press conference.
The governor said the “bad actor” involved is believed to have received “information through our internal system, not public based or distinct personal information. It’s information on data that is endemic to state processes or state inventory or state databases.”
He added, “Right now, the breadth of that has been identified.”
Lombardo said he could not provide specific details, echoing past press conferences where he has emphasized that the investigation is ongoing and that state and federal officials must balance transparency with security.
When asked about the motive of the attack, the governor responded, “Well, obviously it’s a ransom, right? To achieve monetary gain as a goal.”
Lombardo did not provide any details of the ransom or whether it has been paid.
Lombardo said 90% of state public-facing websites are back online.
Information on the current status of various state services can be found at oem.nv.gov/recovery.
Of those that remain down, the state is prioritizing “public safety and consistent impact,” he added. Among services still down: background checks needed for certain people attempting to buy firearms, the state’s victim notification system, and the sex offender registry lookup.
“While we are not yet at the finish line, we are moving there faster than expected,” added Lombardo.
Lombardo said the state received 150 million hits to its firewall in the 72 hours after his first press conference — 300% more than it typically receives.
He also said phishing attempts spiked after recent news reports about the state forcing all state employees to reset security credentials and passwords.
Lombardo highlighted the incidents while making a point about the need to withhold information about the technical details and nature of the cyber attack.
The governor expressed support for a legislative cybersecurity working group announced by Assembly Speaker Steve Yeager earlier this week.
“I would support any endeavor by the Legislature to identify some sort of solution to help us in this endeavor,” he said, adding that it could involve hardware, software or monetary solutions. “In my opinion, [it] has risen to an emergency, and I think it’s necessary that we address it sooner than later.”
Details on that working group are forthcoming, according to a press release from the Nevada Assembly Democratic Caucus.
Lombardo at his press conference confirmed that negotiations on a special session are still ongoing and that cybersecurity is a part of that.