The recent cyberattack on St. Paul’s city government has thrown many of its operations into turmoil. The Interlock ransomware gang, which the FBI had warned the public about just a week before the incident, claims responsibility, asserting that they stole 43 gigabytes of sensitive data without disclosing a ransom amount or timeline for payment.
During a press conference on July 29, Mayor Melvin Carter expressed concern regarding the data, particularly that of city employees. "We've been contacted by the threat actor with a specific demand for a specific ransom amount. To be clear, we have not paid that and their threat was that they would release some data ... if they weren't able to get paid," said Carter, underscoring the seriousness of the situation.
Despite the attack, the city has maintained access to its data and control over its systems. Carter indicated their approach is comprehensive. "We are doing what I lovingly refer to as a grand control-alt-delete of all of our city systems. That's our city servers; that's all of our devices, putting upgraded cybersecurity software on them,” he elaborated.
In a subsequent interview with MPR News, Carter emphasized the city's strategy to regain operational stability. The recovery plan includes manual password resets for all city employees and a thorough examination of each server and device within government oversight. He stated, "We are going to manually reset every city employee’s passwords. We expect to begin bringing systems back online this week."
Impact and Legacy
Impact and Legacy
Impact and Legacy
However, the attack’s impact on governmental functions has been substantial. Although emergency services like 911 remain operational, many essential services have suffered interruptions. Citizens are unable to pay utility bills online, and permits or business licenses must now be processed using traditional pen-and-paper methods. The online payment portal for water bills is entirely offline, with the government admitting they "cannot accept water bill payments in any form — online, by phone, or in person."
The city’s libraries have also been affected, lacking Wi-Fi, computer, or printer services. Staff members are barred from creating new accounts for patrons. As a precaution, St. Paul officials have provided alternative contact methods for residents seeking assistance. The city is also alerting the public to ignore fake invoices purportedly sent by hackers, warning residents to refrain from clicking on suspicious links or attachments.
The ramifications of this attack are far-reaching. In response to the escalating crisis, Minnesota Governor Tim Walz activated the National Guard to support city officials in their efforts to recover from the incident. "The magnitude and the sophistication of cyberattacks have just blown up over the last, even, five years. We're seeing literally every government unit, every school, every hospital, you know, every institution has to be concerned and has to think about their kind of cybersecurity protocols," stated Carter, articulating the growing concern among municipal leaders regarding cyber threats.
Just prior to the attack on St. Paul, the FBI had issued an advisory outlining how the Interlock ransomware gang has been targeting critical infrastructure and various businesses across North America and Europe. This advisory highlighted the gang's connection to Rhysida, another notorious ransomware group known for its assaults on governmental entities globally.
The troubling situation in St. Paul reflects a broader trend of increasing cyber threats against municipal systems. As cities and organizations ramp up their defenses, this incident serves as a dire reminder of the vulnerabilities that persist in digital infrastructures. The importance of robust cybersecurity measures has never been clearer, and it remains to be seen how effectively the city will respond in the aftermath of this malicious attack.
