{"id":73535,"date":"2025-11-06T15:51:45","date_gmt":"2025-11-06T20:51:45","guid":{"rendered":"https:\/\/statescoop.com\/?p=73535"},"modified":"2025-11-06T15:51:48","modified_gmt":"2025-11-06T20:51:48","slug":"nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack","status":"publish","type":"post","link":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","title":{"rendered":"Nevada state employee installed &#8216;malware-laced&#8217; sys admin tool, spurring ransomware attack"},"content":{"rendered":"\n<p>The Nevada state government\u2019s major <a href=\"https:\/\/statescoop.com\/nevada-ransomware-attack-2025\/\">ransomware attack<\/a> last August was precipitated by a state employee who unknowingly downloaded malware from a spoofed website, according to a report published Wednesday by the Nevada Governor\u2019s Technology Office.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/s3.documentcloud.org\/documents\/26218801\/gto-statewide-cyber-event-aar-final.pdf\">report<\/a>, which details the state\u2019s four-week response and recovery following the discovery on Aug. 24 that a threat actor had breached its network defenses, provides a handful of new details, such as how the incident began and what the state has done in response and plans to do in the months ahead. Though the state discovered the attack in August, after the actor had deleted the state\u2019s backup volumes, encrypted its virtual machines and deployed the ransomware, investigators discovered the incident began as early as May 14.<\/p>\n\n\n\n<p>An employee had downloaded a \u201cmalware-laced system administration tool\u201d twice from a fraudulent website that had made itself visible through a search engine optimization poisoning campaign, in which the website enjoyed a higher-than-usual ranking in search results. The fake website\u2019s seeming authenticity was also boosted, the state found, by the threat actor\u2019s use of legitimate Google ads.<\/p>\n\n\n\n<p>Running the malware on state systems bypassed Nevada&#8217;s endpoint defenses and allowed it to &#8220;immediately&#8221; configure a backdoor that the threat actor was able to use to access state systems each time the associated user logged on. The state\u2019s Symantec Endpoint Protection tool on June 26 quarantined the malware the user had downloaded, yet the backdoor continued to allow the outside actor access.<\/p>\n\n\n\n<p>The attacker installed remote monitoring software, which included keyloggers and screen-capture capabilities, on two state systems, which compromised the accounts of both standard and privileged users. By mid-August, investigators found, the attacker had established encrypted tunnels and began using Windows\u2019 Remote Desktop Protocol to \u201cmove laterally\u201d across systems, \u201caccessing sensitive directories and even the password vault server.\u201d<\/p>\n\n\n\n<p>The actor obtained the credentials of 26 accounts, accessing more than 26,000 files and exposing more than 3,200 files. The investigators reported that only one document is thought to contain sensitive personal information. That document, the report notes, identified a former state employee, who was reportedly notified. The attacker created a zip file and split into six parts, to contain the stolen files. Investigators \u201cfound no confirmation\u201d that the data had been successfully exfiltrated or that it&#8217;s been posted to any leak site.<\/p>\n\n\n\n<p>It\u2019s possible, though, that the actor managed to extract the data and hide the evidence. Investigators found that throughout the attack, the actor had \u201cmeticulously cleared event logs to obscure their activities.\u201d<\/p>\n\n\n\n<p>To further system recovery, the state managed to recover 90% of its data. The remaining 10% of affected data was not required to restore services, the report notes, and is still being reviewed \u201con a risk-basis.\u201d<\/p>\n\n\n\n<p>The attack was highly disruptive to the state government\u2019s operations and the availability of its services. The investigation began with the state discovering the attack on Aug. 24 and notifying its cybersecurity insurance provider, who recommended it contact Mandiant, citing the cybersecurity firm\u2019s \u201cdeep\u201d expertise in handling ransomware threats. The state\u2019s technology agency did so, and eventually recruited the effort of a total of 14 vendors in its response, including Microsoft\u2019s Disaster and Recovery Team, Aeris, Broadcom, Cisco and Dell, along with the usual cohort of local, state and federal law enforcement agencies, including the FBI and Department of Homeland Security.<\/p>\n\n\n\n<p>The state tallied 60 of its agencies that had been affected, including some of its most critical: Health and Human Services, Motor Vehicles, and Public Safety. Residents were, for weeks in some instances, unable to access healthcare services, transportation or enjoy the usual level of public safety services.<\/p>\n\n\n\n<p>The report, which is credited primarily to Mark Hellbusch, director of cybersecurity and privacy services at Info-Tech Research Group, along with input from key officials at the Governor\u2019s Technology Office, is frequently self-congratulatory, pointing out that the state\u2019s recovery period of 28 days is under the national average, and that relatively little sensitive data seems to have been compromised.<\/p>\n\n\n\n<p>\u201cThe foresight of Executive Branch Leadership and the State Legislature in funding key cybersecurity initiatives helped ensure a potential full-scale ransomware event was contained and remediated,\u201d the report reads. \u201cThe resilience shown throughout this event reflects Nevada\u2019s technical capabilities and the dedication of the teams responsible for protecting them.\u201d<\/p>\n\n\n\n<p>The report\u2019s writers estimate that the total cost of external vendor support for the incident was approximately $1.3 million. In a state legislative hearing last month, state Chief Information Officer Timothy Galluzi <a href=\"https:\/\/statescoop.com\/nevadas-big-cyberattack-spurs-two-new-projects\/\">said he expected<\/a> that the state\u2019s $7 million cybersecurity-insurance policy would easily cover recovery costs.<\/p>\n\n\n\n<p>The state saved on its recovery costs by using its own workforce, rather than outsourcing much of the extra work to vendors. During the four weeks of recovery, state workers involved in the effort logged more than 4,200 overtime hours, costing the state more than $200,000, as they worked nights, weekends and holidays. The report estimates that relying heavily on vendors would have cost the state an additional $478,000.<\/p>\n\n\n\n<p>The report notes that staff were working at an \u201cemergency operations tempo.\u201d During last month\u2019s hearing, Galluzi said he was proud of the staff involved, who had not been required to work overtime.<\/p>\n\n\n\n<p>\u201cThey worked 18, 20-plus hour days for weeks,\u201d Galluzi told lawmakers during an Oct. 16 hearing before the state\u2019s interim finance committee. \u201cThey didn\u2019t take days off. They didn\u2019t take vacation. They gave up holidays, they gave up everything just to get Nevada back to work, just to get all of those things back online for Nevadans. It wasn\u2019t required of them. They volunteered it. And it was out of that sacred sense of duty, out of that sacred mission that they all believed in. It\u2019s because they cared.\u201d<\/p>\n\n\n\n<p>The state was presented with a note demanding a ransom, but the report does not disclose how much the actor wanted, nor any other details. Ceding to the actor\u2019s demands was apparently never a serious consideration. The report notes the state&#8217;s \u201cfirm position\u201d against paying ransoms.<\/p>\n\n\n\n<p>The report credits the state\u2019s rapid response in August with its solid incident response plan, which was created over the last five years. The report notes that this episode \u201cunderscores the importance of having a well-rehearsed incident response plan and trusted partnerships with legal and cybersecurity professionals,\u201d and that the plan had \u201cminimized the impact\u201d of the attack.<\/p>\n\n\n\n<p>The attack naturally led the state to shore up many of its defenses, the report notes, including instating changes to impede lateral movement on its networks, better protecting and preventing the sharing of privileged accounts, better securing passwords, fixing the privileges of accounts that had been granted more privileges than they needed, and instating a \u201cprinciple of least privilege,\u201d ensuring that users are only granted access to the data and services they absolutely need.<\/p>\n\n\n\n<p>The attack is also leading to additional investments in cybersecurity, including the creation of a statewide cybersecurity operations center, intended to \u201cunify monitoring efforts, reduce response times, and support proactive defense strategies. It will also facilitate better coordination across agencies and vendors, ensuring a consistent security posture statewide,\u201d the report reads.<\/p>\n\n\n\n<p>The state also plans to boost its cybersecurity training campaign, drawing on educational resources from Microsoft.<\/p>\n\n\n\n<p>Lawmakers <a href=\"https:\/\/statescoop.com\/nevadas-big-cyberattack-spurs-two-new-projects\/\">last month approved<\/a> the state technology office\u2019s requests to use more than $300,000 in already approved federal cyber funding to further its SOC and endpoint-detection projects.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A report from the technology division of Nevada Gov. Joe Lombardo&#8217;s office explains how the state&#8217;s recent ransomware attack got started.<\/p>\n","protected":false},"author":205,"featured_media":73540,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"disable_grayscale_images":true,"grayscale_contrast":0,"sponsored_content":false,"display_author_bio":true,"story_type":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[20646],"tags":[19,213,262,12809,16536,16537,23566,25970],"people":[],"special-report":[],"authors":[4696],"class_list":["post-73535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ransomware","tag-nevada","tag-malware","tag-mandiant","tag-cybersecurity","tag-cyberattack","tag-timothy-galluzi","tag-gov-joe-lombardo","author-colin-wood"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Nevada state employee installed &#039;malware-laced&#039; sys admin tool, spurring ransomware attack | StateScoop<\/title>\n<meta name=\"description\" content=\"A report from the technology division of Nevada Gov. Joe Lombardo&#039;s office explains how the state&#039;s recent ransomware attack got started.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nevada state employee installed &#039;malware-laced&#039; sys admin tool, spurring ransomware attack | StateScoop\" \/>\n<meta property=\"og:description\" content=\"A report from the technology division of Nevada Gov. Joe Lombardo&#039;s office explains how the state&#039;s recent ransomware attack got started.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"StateScoop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/StateScoop\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-06T20:51:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-06T20:51:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1300\" \/>\n\t<meta property=\"og:image:height\" content=\"780\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Colin Wood\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@State_Scoop\" \/>\n<meta name=\"twitter:site\" content=\"@State_Scoop\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/\",\"url\":\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/\",\"name\":\"Nevada state employee installed 'malware-laced' sys admin tool, spurring ransomware attack | StateScoop\",\"isPartOf\":{\"@id\":\"https:\/\/statescoop.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg\",\"datePublished\":\"2025-11-06T20:51:45+00:00\",\"dateModified\":\"2025-11-06T20:51:48+00:00\",\"description\":\"A report from the technology division of Nevada Gov. Joe Lombardo's office explains how the state's recent ransomware attack got started.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg\",\"width\":1300,\"height\":780,\"caption\":\"(Getty Images)\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/statescoop.com\/#website\",\"url\":\"https:\/\/statescoop.com\/\",\"name\":\"StateScoop\",\"description\":\"Latest news and events in state and local government technology\",\"publisher\":{\"@id\":\"https:\/\/statescoop.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/statescoop.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/statescoop.com\/#organization\",\"name\":\"StateScoop\",\"url\":\"https:\/\/statescoop.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"width\":1470,\"height\":186,\"caption\":\"StateScoop\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/StateScoop\/\",\"https:\/\/x.com\/State_Scoop\",\"https:\/\/www.linkedin.com\/company\/statescoop\/\",\"https:\/\/www.youtube.com\/@StateScoop\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Nevada state employee installed 'malware-laced' sys admin tool, spurring ransomware attack | StateScoop","description":"A report from the technology division of Nevada Gov. Joe Lombardo's office explains how the state's recent ransomware attack got started.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","og_locale":"en_US","og_type":"article","og_title":"Nevada state employee installed 'malware-laced' sys admin tool, spurring ransomware attack | StateScoop","og_description":"A report from the technology division of Nevada Gov. Joe Lombardo's office explains how the state's recent ransomware attack got started.","og_url":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","og_site_name":"StateScoop","article_publisher":"https:\/\/www.facebook.com\/StateScoop\/","article_published_time":"2025-11-06T20:51:45+00:00","article_modified_time":"2025-11-06T20:51:48+00:00","og_image":[{"width":1300,"height":780,"url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg","type":"image\/jpeg"}],"author":"Colin Wood","twitter_card":"summary_large_image","twitter_creator":"@State_Scoop","twitter_site":"@State_Scoop","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","url":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","name":"Nevada state employee installed 'malware-laced' sys admin tool, spurring ransomware attack | StateScoop","isPartOf":{"@id":"https:\/\/statescoop.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage"},"image":{"@id":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg","datePublished":"2025-11-06T20:51:45+00:00","dateModified":"2025-11-06T20:51:48+00:00","description":"A report from the technology division of Nevada Gov. Joe Lombardo's office explains how the state's recent ransomware attack got started.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/#primaryimage","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg","width":1300,"height":780,"caption":"(Getty Images)"},{"@type":"WebSite","@id":"https:\/\/statescoop.com\/#website","url":"https:\/\/statescoop.com\/","name":"StateScoop","description":"Latest news and events in state and local government technology","publisher":{"@id":"https:\/\/statescoop.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/statescoop.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/statescoop.com\/#organization","name":"StateScoop","url":"https:\/\/statescoop.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","width":1470,"height":186,"caption":"StateScoop"},"image":{"@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/StateScoop\/","https:\/\/x.com\/State_Scoop","https:\/\/www.linkedin.com\/company\/statescoop\/","https:\/\/www.youtube.com\/@StateScoop"]}]}},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":{"@context":"https:\/\/schema.org","@type":"NewsArticle","headline":"Nevada state employee installed &#8216;malware-laced&#8217; sys admin tool, spurring ransomware attack","url":"http:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/","mainEntityOfPage":{"@type":"WebPage","@id":"http:\/\/statescoop.com\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\/"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg?w=150&h=150&crop=1","image":{"@type":"ImageObject","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg"},"articleSection":"Cybersecurity","author":[{"@type":"Person","name":"Colin Wood","url":"https:\/\/statescoop.com\/author\/colin-wood\/"}],"creator":["Colin Wood"],"publisher":{"@type":"Organization","name":"StateScoop","logo":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/cropped-ss_favicon.png"},"keywords":["cyberattack","cybersecurity","gov. joe lombardo","malware","mandiant","nevada","ransomware","timothy galluzi"],"dateCreated":"2025-11-06T20:51:45Z","datePublished":"2025-11-06T20:51:45Z","dateModified":"2025-11-06T20:51:48Z"},"rendered":"<script type=\"application\/ld+json\" class=\"wp-parsely-metadata\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"NewsArticle\",\"headline\":\"Nevada state employee installed &#8216;malware-laced&#8217; sys admin tool, spurring ransomware attack\",\"url\":\"http:\\\/\\\/statescoop.com\\\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\\\/\",\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/statescoop.com\\\/nevada-state-employee-installed-malware-laced-sys-admin-tool-spurring-ransomware-attack\\\/\"},\"thumbnailUrl\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2025\\\/11\\\/screenshot-1-1.jpg?w=150&h=150&crop=1\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2025\\\/11\\\/screenshot-1-1.jpg\"},\"articleSection\":\"Cybersecurity\",\"author\":[{\"@type\":\"Person\",\"name\":\"Colin Wood\",\"url\":\"https:\\\/\\\/statescoop.com\\\/author\\\/colin-wood\\\/\"}],\"creator\":[\"Colin Wood\"],\"publisher\":{\"@type\":\"Organization\",\"name\":\"StateScoop\",\"logo\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2023\\\/01\\\/cropped-ss_favicon.png\"},\"keywords\":[\"cyberattack\",\"cybersecurity\",\"gov. joe lombardo\",\"malware\",\"mandiant\",\"nevada\",\"ransomware\",\"timothy galluzi\"],\"dateCreated\":\"2025-11-06T20:51:45Z\",\"datePublished\":\"2025-11-06T20:51:45Z\",\"dateModified\":\"2025-11-06T20:51:48Z\"}<\/script>","tracker_url":"https:\/\/cdn.parsely.com\/keys\/statescoop.com\/p.js"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2025\/11\/screenshot-1-1.jpg","distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"StateScoop","distributor_original_site_url":"https:\/\/statescoop.com","push-errors":false,"_links":{"self":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/73535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/users\/205"}],"replies":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/comments?post=73535"}],"version-history":[{"count":1,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/73535\/revisions"}],"predecessor-version":[{"id":73541,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/73535\/revisions\/73541"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media\/73540"}],"wp:attachment":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media?parent=73535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/categories?post=73535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/tags?post=73535"},{"taxonomy":"people","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/people?post=73535"},{"taxonomy":"special-report","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/special-report?post=73535"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/authors?post=73535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}