Five days after a massive ransomware attack brought down Nevada’s state servers and websites, Gov. Joe Lombardo and other top state officials detailed avenues available for people who need state services, but did not disclose new information on the perpetrators of the incursion or any data that may have been compromised.

Speaking in Las Vegas on Thursday, the governor announced a new website that will provide updates on the data recovery process, and an expanded 211 service to handle calls about the data strike. Lombardo encouraged Nevadans to dial the state’s public information hotline at 211 to receive any more information on how to access state services during the recovery period. 

“I know it's important for the public to be aware, but we can't compromise the investigation,” he said. “Transparency is present, and I'm comfortable with that. If it is something that would affect the safety of constituents of the state of Nevada, you will know.”

State officials confirmed at a separate press conference Wednesday in Carson City that a “sophisticated” cyberattack in exchange for ransom was to blame for the multiday outage that has taken down myriad state agency websites and backend internet infrastructure. Lombardo said state systems “in totality” have not been taken down by the attack because there’s no single point of failure, but that one “silo” had been compromised as part of the outage.

“We're working through it,” he said. “And I understand everybody's frustration. I'm frustrated. I wish I had the answers currently, but I have confidence in our response and our continued evaluation.”

Several major agencies have been affected by the data breach, including the Department of Motor Vehicles (DMV), the Department of Human Services and the Department of Business and Industry. Other agencies such as the Department of Employment Training and Rehabilitation and Secretary of State’s Office, operate largely on separate servers and are still functional. 

The Nevada DMV said it has brought its website online though its function is mostly to inform residents about when certain services will be back up and running after the hack; the website cannot support online transactions. Tonya Laney, director of the DMV, said the agency would waive any late fees or penalties that happened as a result of the outage. 

Lombardo reiterated on Thursday that the hackers also exfiltrated data out of the system, but it was unclear at this point what kind of data was removed and if it included personal information. During the press conference, Lombardo said it was important to not act rashly.

“Part of the responses in a lot of these environments is to be slow and methodical, as to not open up doors and to further intrusion into the system,” Lombardo said. 

A state information technology officer, who requested anonymity given the sensitive nature of the hack, told The Nevada Independent that the attack was likely a two-pronged approach of data exfiltration and encryption of servers. They said the hackers have likely encrypted information to lock the government agencies out of their servers that might host websites or other government functions. 

“There’s a lot of attacks where you’re talking about ransomware attacks, where they bring the business to its knees and say, ‘Give us money and I’ll bring it back up,’ they said in an interview. “The encryption is strong enough where in order to get around it, you’re going to have to find various clever ways to work around it.” 

On Wednesday evening, the Nevada Attorney General’s Office sent an email advising its attorneys not to use state-issued laptops, and not to have anyone outside of IT use WiFi internet in the Las Vegas office, according to a copy of an email viewed by The Nevada Independent.

During the press conference, Lombardo said the state was working to bring government systems back up as soon as possible, and said the state’s access to the National Crime Information Center (which provides law enforcement with criminal history) had been "successfully restored.” He defended the relatively sparse details about the perpetrators that have been disclosed.

“Too much of the information has been focused on the attackers,” Lombardo said. “It’s important for the public to be aware, but we can’t compromise the investigation.” 

Lombardo also addressed his absence at yesterday’s press conference and said he felt comfortable with not attending as mitigation efforts had shifted to a more technical response. The governor, who had preplanned events in Elko, Eureka and Ely on Wednesday, said he was getting hourly updates on the investigation. 

“Listen. This press conference is not intended to address my absence,” he said. “I'm here. I'm taking care of business and have never swayed from my responsibility as your governor.”

When asked about the preparedness of Nevada's technology system for such an incident, Lombardo pointed to past data security breaches at casinos in the state such as at the MGM Grand and Caesar's Palace as reasons for the state’s caution around data security. 

“I am absolutely confident in our preparedness,” Lombardo said.