In a bold move, Nevada officials refused to pay a ransom after a devastating cyber attack, and the results are nothing short of remarkable. On November 5, 2025, the Governor’s Technology Office (GTO) unveiled the 2025 Statewide Cyber Incident After-Action Report, detailing the state’s swift and disciplined recovery from a crippling ransomware attack in August. But here’s where it gets controversial: in an era where many organizations cave to cybercriminals’ demands, Nevada stood firm, recovering 90% of its data without paying a dime.
According to the report, the state’s success hinged on meticulous planning and strong partnerships. “We didn’t just respond—we executed with precision, then communicated transparently,” said State CIO Timothy D. Galluzi. Teams worked tirelessly alongside expert vendors like Mandiant, Microsoft DART, and Dell to contain the threat, rebuild systems securely, and restore services in a phased, measured approach. And this is the part most people miss: Nevada’s refusal to pay the ransom wasn’t just a moral stand—it was a strategic decision backed by pre-established incident playbooks, cyber insurance, and vendor agreements.
Governor Joe Lombardo praised the effort, stating, “Nevada’s teams protected our core services, paid our employees on time, and recovered quickly—all without rewarding criminals. This is what disciplined planning and talented public servants achieve for our citizens.” The numbers tell the story:
- 28 days to fully restore services across affected platforms—a timeline that outpaces many public-sector recoveries.
- ~90% of impacted data recovered, with residual items under risk-based review and enhanced monitoring.
- No ransom paid, with the response executed under cyber insurance and pre-negotiated vendor agreements.
- 4,212 overtime hours logged by 50 state employees, totaling $210,599.87 in direct OT wages (fully-loaded estimate: $259,037.84).
- $1.3 million invested in specialized partners for forensics, recovery, legal, and engineering support.
But is Nevada’s approach scalable for smaller organizations? While the state’s fiscal responsibility saved hundreds of thousands of dollars compared to an all-contractor model, it relied heavily on in-house expertise and pre-existing partnerships. This raises a thought-provoking question: Can smaller entities replicate Nevada’s success without similar resources?
Nevada’s recovery wasn’t just about speed—it was about strategic prioritization. Payroll was processed on schedule, and high-impact public safety systems were restored first, ensuring minimal disruption to citizens. “Continuity of operations was our North Star,” explained a GTO spokesperson. The state’s around-the-clock efforts, guided by 24×7 playbooks, showcased the power of disciplined execution.
Looking ahead, the After-Action Report outlines ambitious next steps, including the establishment of a centrally managed Security Operations Center (SOC), unified Endpoint Detection & Response (EDR), identity hardening, OS and application control, and expanded workforce training. But here’s the real question: As cyber threats evolve, will these measures be enough to safeguard Nevada—and other states—from future attacks?
What do you think? Is Nevada’s no-ransom strategy a model for others to follow, or is it a luxury only larger entities can afford? Share your thoughts in the comments—we’d love to hear your perspective!
Read the full report here: After-Action Report – 2025 Statewide Cyber Incident (PDF)
About the Governor’s Technology Office (GTO): The GTO secures and modernizes statewide technology for Nevada’s Executive Branch, delivering resilient, citizen-centric services through collaborative governance, disciplined project delivery, and robust cybersecurity.
