On July 29, 2025, the city of St. Paul, Minnesota, found itself grappling with a significant cyber crisis that led to the activation of the Minnesota National Guard. The incident, whose first signs were detected on July 25, escalated into a coordinated digital assault targeting essential city systems, prompting city officials to declare a state of emergency.
"It was not a glitch, but a criminal cyberattack," stated St. Paul Mayor Melvin Carter on the morning of July 29, formally announcing the city's predicament. Core city infrastructure was disrupted, impacting online payment portals, internal networks, and public Wi-Fi access. In response to the growing threat, city officials took preventive measures by shutting down all information systems on July 27.

The attack, identified as orchestrated by an advanced external actor, was described as a deliberate and complex threat to critical urban operations. The city's systems were shut down, including access to City Hall Wi-Fi and public libraries, although emergency services like 911 dispatch maintained full operational capacity throughout the crisis.
As the situation intensified, on July 29, Governor Tim Walz weighed in, issuing an executive order that mobilized Minnesota's National Guard cyber protection assets. He explained the action was necessary due to the attack's complexity, stating, "The threat exceeded the city's response capabilities." This mobilization aimed to enhance the city's defensive measures and minimize further complications.
Despite the chaos, the city confirmed on July 30 that municipal employees would still receive their paychecks. This decision aimed to reassure workers amid turmoil, showcasing the city’s commitment to maintaining essential services even during extraordinary circumstances.

Impact and Legacy
By August 10, city leaders, confident that the immediate threat had passed, initiated "Operation Secure St. Paul." This program focused on restoring city systems and securing sensitive employee information, impacting over 3,500 staff members. To facilitate this, the city set up around 80 computers in the basement of the Roy Wilkins Auditorium to process mass password resets for affected personnel. Mayor Carter emphasized the importance of this initiative as a step toward recovery post-attack.
The nature of the cyberattack, initially shrouded in uncertainty, was later confirmed to be a ransomware incident. On August 11, as the city assessed the damage and implications, Mayor Carter made it clear that the city would not comply with the ransom demanded by the attackers. "A sophisticated, profit-driven organization known as 'Interlock' has claimed responsibility," he noted, describing the organization as one operating on a ransomware-as-a-service model.
This refusal to pay the ransom soon bore repercussions; Interlock retaliated by releasing 43 gigabytes of stolen data online, further complicating the recovery effort. As the situation unfolded, analysts stressed the importance of robust cybersecurity measures in protecting municipal systems and preventing future incidents.
Looking Ahead
Looking ahead, the response to the St. Paul cyberattack serves as a reminder of the vulnerabilities faced by urban infrastructures in an increasingly digital age. The city’s proactive measures and the lessons learned from this event will play a pivotal role in enhancing its defenses against potential future threats, aiming for a stronger, more resilient St. Paul.


