79°F
weather icon Clear
Las Vegas, NV
Nevada

Expert says state governments are big targets for cybercriminals

A woman arrives at the DMV office on East Sahara Avenue to find it closed on Tuesday, Aug. 26, ...
A woman arrives at the DMV office on East Sahara Avenue to find it closed on Tuesday, Aug. 26, 2025, in Las Vegas. A cyberattack on Nevada’s computer network, identified on Aug. 24, interrupted a range of state services. (Benjamin Hager/Las Vegas Review-Journal)
More Stories
A person walks with a meal from chef Jose Andres' World Central Kitchen as they distribute ...
SNAP food assistance could end Saturday for 500K in Nevada
NV Energy building. (Las Vegas Review-Journal)
AG’s office calls NV Energy’s new mandatory demand charge ‘unlawful’
Karamo Brown, left, and Antoni Porowski appear in an episode of the TV show "Queer Eye." (Netflix)
How Hollywood productions cash in on Nevada tax credits
The Nevada Department of Motor Vehicles on East Sahara Avenue in Las Vegas. (Las Vegas Review-J ...
New Nevada DMV rule requires many motorists to begin online
By / Las Vegas Review-Journal
August 31, 2025 - 6:00 am
 

State and local governments have become big targets for cybercriminals, an expert said last week as officials worked to counter a cyberattack that has hobbled Nevada’s computer network.

“These are the organizations that operate much of the country’s critical infrastructure,” said Robert Beach, who represents a national cyber coalition that includes all 50 states, as well as cities, territories and tribes.

These governments provide “the services that Americans depend on every single day,” which, in the eyes of attackers, gives them leverage, he said in a phone interview Thursday. Beach is an executive committee member of the Multi-State Information Sharing &Analysis Center.

The attack on Nevada’s network, identified on Aug. 24, interrupted a range of state services, from the Supplemental Nutrition Assistance Program, commonly referred to as food stamps, to driver’s license renewal and vehicle registration. Nevada Highway Patrol and Nevada State Police phone lines temporarily went down. Some government data was stolen, but the type of data remains unclear.

Nevada authorities have described the attack as a “sophisticated, ransomware-based attack.” Ransomware is a type of malicious software that allows cybercriminals to gain access to a computer network. A ransomware attack involves encrypting the victim’s data, making it inaccessible and demanding a ransom to unlock it. Attackers also may threaten to release stolen data.

Authorities have provided few details about the attack, citing the ongoing investigation. The federal government, which is working with the state on the investigation, is “evaluating whether there’s a demand” for a ransom, Gov. Joe Lombardo said Thursday at a news conference.

Lombardo also said the state has no “absolute policy” regarding ransom demands, and that authorities were weighing their options.

Florida outlaws paying a ransom

Florida passed a law prohibiting state and local governments from paying a cyberattack ransom, said Beach, chief technology officer for the Florida city of Cocoa. The aim was to reduce the financial incentive for a cyberattack. North Carolina has a similar law.

Before Florida’s law was enacted in 2022, Lake City paid a $460,000 bitcoin ransom in 2019 to avoid disruption in services following a ransomware attack. Almost all of the cost was covered by insurance, according to media accounts. The attack came on the heels of a similar one in Riviera Beach, where the City Council voted to pay $600,000 to retrieve its records. The council already had approved $1 million to upgrade its computer system in the wake of the cyberattack.

Regardless of whether a ransom is paid, cyberattacks are expensive for the victims.

“It all depends on the scope and severity of the incident, but generally, they’re very, very costly,” Beach said.

In one high-profile ransomware attack, Atlanta city officials in 2018 refused to pay the $51,000 in bitcoin demanded by cybercriminals. Recovery efforts and system upgrades cost $17 million, with many public-facing systems restored within weeks or months, according to media accounts.

Two Iranian nationals were indicted, though individual culprits in such attacks often are not identified or brought to justice. Attackers may be part of criminal enterprises or threat groups from nation states such as China, Russia and Iran.

The FBI discourages paying a ransom, stating that doing so encourages further attacks and provides no guarantee that an organization will get its data back.

Public sector organizations such as state governments now face an average ransom demand of $7.7 million, according to global security company Sophos’ 2024 State of Ransomware Report.

Comprehensive data on the scope of state and local government cyberattacks was not readily available.

‘No organization is immune’

The city of St. Paul, Minnesota, is a recent victim of a cyberattack. Following the July 25 attack, critical law enforcement tools, such as laptops used in traffic stops and to share case information, were knocked offline, according to news site KSTP.com. Police said the laptops were back in service after a week.

Citywide systems were affected, including online payments for services like water and trash collection, and some data was stolen.

Interlock, a ransomware group on the dark web, had taken credit for the attack. City leaders said a ransom was not paid.

Minnesota state officials said they have seen a string of recent cyberattacks.

John Israel, Minnesota’s chief information security officer, said he could not speak to the incident in Nevada.

“Unfortunately, this and other recent events in Minnesota and across the country highlight the fact that cyberattacks continue to increase in both scale and sophistication and no organization is immune,” Israel, a Multi-State Information Sharing &Analysis Center executive committee member, wrote in an email to the Las Vegas Review-Journal.

In December, a major cyberattack forced Rhode Island to take down an online portal used by residents to obtain Medicaid and grocery benefits. Personal data stolen from Rhode Island’s public benefits network — including Social Security numbers and banking information — was later found on the dark web, according to news organization Stateline.

Rhode Island did not publicly state whether it paid a ransom after the cyberattack, but the state confirmed that the cybercriminals demanded a payment and threatened to release stolen data, according to a report by the HIPAA Journal.

Problem isn’t going away

Beach said the multistate analysis center serves as a clearinghouse for cybersecurity threat intelligence for its 19,000 members across the United States. Department of Government Efficiency cuts significantly reduced the coalition’s federal funding, he said, prompting the organization to begin to charge membership fees.

He voiced concern that the change would harm those most at risk: smaller governments without robust cybersecurity or, in some cases, without information technology staff.

“This isn’t a problem that’s going to just go away,” he said. “It’s going to require coordination, effort and investment at all levels of government — state, federal and local. We all need to be cooperating, communicating and collaborating to defend these networks. … We’ve got to invest in getting capabilities out to under-resourced communities, these small communities that the majority of Americans live in.”

Contact Mary Hynes at mhynes@reviewjournal.com or at 702-383-0336. Follow @MaryHynes1 on X.

MOST READ
Don't miss the big stories. Like us on Facebook.
THE LATEST
MORE STORIES