The mayor of Saint Paul, Minnesota's capital, has verified that the Interlock ransomware gang is responsible for the substantial cyberattack that impacted various city systems last month. On July 29, Governor Tim Walz activated the National Guard to help address the serious disruptions caused by the attack, which were beyond the city's incident response capabilities.
"While many city services remain available, some may be temporarily delayed or disrupted due to limited system access. We appreciate your patience and understanding as we work to bring systems fully back online," the city communicated.
As a result of the attack, online payment systems for city services are currently down. However, officials reassured residents, stating, "No late fees will be assessed during this period. Additional billing and service updates will be shared once systems are restored."
The city's response involves collaboration with local, state, and federal authorities to investigate the late July cyber incident while ensuring emergency services were unaffected. Mayor Melvin Carter confirmed today that the Interlock group was behind the attack, emphasizing that residents’ personal or financial information remained secure, and that the city has declined to pay any ransom.
Interlock has recently claimed the City of Saint Paul on its dark web site, asserting they had compromised over 66,000 files and 43 gigabytes of sensitive data, with some of it already made public. "A large part of the infrastructure was damaged, brought a lot of losses and damage! Including in the worst position were residents whose data was compromised," the hacker group stated.
Emerging in September 2024, Interlock has been implicated in multiple breaches affecting organizations worldwide, with a notable focus on the healthcare sector. Previously, they were linked to attacks on ClickFix and have been known for deploying a remote access trojan called NodeSnake to infiltrate the networks of several U.K. universities.
Race Results
Race Results
Race Results
In another significant incident prior to the Saint Paul attack, Interlock claimed responsibility for a breach that resulted in the theft of 1.5 terabytes of data from DaVita, a prominent Fortune 500 company focusing on kidney care, along with a similar violation of Kettering Health, which operates over 120 outpatient facilities in the U.S.
Just days before the cyberattack on St. Paul, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued warnings regarding an uptick in cyber activity by the Interlock group, particularly targeting critical infrastructure organizations.
As investigations continue, the aftermath of the Saint Paul cyber incident highlights the ongoing threat posed by ransomware groups and underscores the need for heightened cybersecurity measures across municipalities and essential services. The repercussions of this attack may have lasting effects on the city’s digital landscape and its efforts to regain full operational capacity.
