Checklist 439: NV Update and Multi-Extortion Attacks

Nevada’s Recovery From Ransomware Attack: Conflicting Updates and Lingering Worries

Nearly two weeks after a ransomware attack disrupted Nevada’s state systems, residents are still encountering mixed messages and inconsistent service restoration.

According to FOX5 Las Vegas, the Department of Motor Vehicles (DMV) attempted to restart operations Tuesday with outside kiosks, allowing some services like registration renewals. But long lines and recurring kiosk errors left many frustrated, sending some customers to the back of the line after hours of waiting【FOX5†source】.

At the same time, the DMV’s public information officer told The Center Square that offices had reopened and its MyDMV online portal was “up and running.” Yet when the outlet checked, transactions for driver’s licenses, IDs, and address changes remained unavailable.

Beyond the DMV, some state departments remain offline, including Gov. Joe Lombardo’s new Nevada Health Authority and the Office of New Americans. The governor himself has spoken publicly about the attack only once in the 11 days since it was discovered, citing the ongoing federal investigation as the reason for withholding details.

The state has promoted oem.nv.gov/recovery as a “single source of truth” for service status updates, but the site has been criticized for outdated posts and infrequent updates — twice daily at 11 a.m. and 3 p.m. In some cases, its notices still reference closures from weeks prior.

Officials have confirmed that data was exfiltrated during the attack, though it remains unclear whether personal information of Nevada residents was compromised. If so, the state says it will notify individuals “by mail or electronic notice,” a vague promise that cybersecurity experts warn could enable phishing scams.

To its credit, Nevada has issued precautionary guidance: residents are urged to watch for scams, use strong passwords with multi-factor authentication, monitor credit and benefits, and verify unexpected government communications through a second, trusted channel.

Meanwhile, the recovery effort continues — but public trust may take longer to restore than the state’s systems.

From Single to Quadruple: Understanding Multi-Extortion Ransomware

A lighthearted remark in last week’s Nevada ransomware episode sparked a deeper dive this week into the evolution of cybercriminal tactics. What began as a quip — “Is there any other kind [than double extortion]?” — turned into a serious discussion after SecureMac CTO Israel Torres pointed to research from Palo Alto Networks on the growing sophistication of ransomware attacks.

According to Palo Alto’s breakdown, there are now four established levels of multi-extortion ransomware:

• Single Extortion: Attackers encrypt files or systems, demanding ransom for decryption. This was the hallmark of early ransomware such as WannaCry and CryptoLocker. Victims with reliable backups could often recover without paying.
• Double Extortion: Criminals add data theft to the mix, threatening to leak or sell stolen information if ransom demands are ignored. This method has become standard in recent years.
• Triple Extortion: A third layer of pressure, often through additional attacks such as distributed denial-of-service (DDoS), designed to disrupt services and escalate urgency if initial threats fail.
• Quadruple Extortion: Attackers widen their scope by targeting third-party associates of the victim. Palo Alto highlights a case where, after hardware supplier Quanta resisted ransom demands, cybercriminals went after Apple — one of Quanta’s clients.
  

The discussion underscores how ransomware groups are no longer satisfied with a single avenue of leverage. Each escalation multiplies the risks for victims, from downtime and data exposure to collateral damage affecting partners and customers.