The State of Nevada’s Governor’s Technology Office (GTO), under the leadership ofthe Office of the CIO, coordinated the remediation of a targeted cybersecuritybreach that disrupted state systems for approximately 28 days. The incident wasinitiated through a Search Engine Optimization poisoning campaign where anattacker embedded malicious code into a trusted online resource frequentlyaccessed by state IT personnel. This code was downloaded and installed on aninternal workstation, bypassing endpoint defenses and granting unauthorizedaccess to critical systems. The threat actor (TA) deployed an attack aimed at takingstate systems offline and left behind a note with instructions on how to recover theencrypted systems and data, in an attempt to extort the State.