St. Paul cyberattack shut down city online systems, prompting officials to refuse ransom and launch a comprehensive recovery—Operation Secure St. Paul. The city brought in the National Guard and the FBI to secure its digital infrastructure.
The Attack and Immediate Response
The cyberattack started on July 25, when suspicious activity disrupted payment systems, public Wi‑Fi, and internal city services. In response, city officials shut down all information systems by July 28 to contain the threat. Despite the shutdown, emergency services like 911 remained operational.
Ransom Refused, Data Leaked
The Interlock ransomware gang claimed responsibility, saying it exfiltrated 43 GB of data and posted it on their leak site. Mayor Melvin Carter confirmed that St. Paul has maintained control of all systems and refused to pay the ransom.
Recovery: Operation Secure St. Paul
- The city initiated a global password reset for its 3,500 employees.
- A physical hub was set up at Roy Wilkins Auditorium with 80 laptops, allowing secure, in-person resets
- Officials are combing through servers and installing upgraded cybersecurity software with help from the FBI and National Guard
Ongoing Impact
While core services like emergency response remained functional, residents couldn’t pay their utility bills online, and libraries and recreation centres lost public Wi‑Fi and computer services.
Conclusion
St. Paul cyberattack triggered a major shutdown—but city leaders refused to negotiate with attackers. Operation Secure St. Paul includes sweeping password resets, system rebuilds, and cybersecurity upgrades. The collaboration with the National Guard and FBI underscores the city’s commitment to resilience and public trust.
0 responses to “St. Paul Cyberattack: City Resists Ransom, Scrubs Data”