Incident Overview

On July 25, 2025, the city of St. Paul, Minnesota was struck by a major cyber-attack that disrupted critical infrastructure and forced officials to take emergency measures. Believed to be a ransomware operation, the attack prompted the city to shut down all internal systems to prevent further damage. Mayor Melvin Carter declared a state of emergency, and the Minnesota National Guard Cyber Protection Unit was activated for the first time to respond to a digital threat.

Impact on City Services

The attack caused widespread disruption across city services. Online payment systems were taken down, along with public services such as libraries and recreation centers being interrupted. Law enforcement systems were affected, forcing officers to rely on radio communications. Despite all the chaos, emergency services like 911 remained fully operational and were not compromised. City officials have yet to provide a timeline for full restoration of services.

Government Response

Governor Tim Walz activated the Emergency Operations Center, acknowledging that the scale of the attack exceeded the capabilities of local and commercial cybersecurity teams. Thirteen members of the National Guard’s cyber unit were deployed to assist with containment and recovery efforts. The FBI is also involved in the investigation, working alongside state and local officials.

Attacker Identified: Interlock Ransomware Group

In a recent update, city officials confirmed that the ransomware group responsible for the attack is known as Interlock, a threat actor that targets governments and large organizations. After the city refused to pay a ransom, Interlock released stolen data on the dark web. They have claimed to have exfiltrated over 66,000 files, 7,800 folders, and 43 gigabytes of sensitive information.

Interlock has been active since late 2024 and is known for using deceptive tactics to infiltrate systems. Tactics such as fake browser updates and security patches. The group previously targeted municipalities in Michigan, Indiana, and Scotland. Experts warn that Interlock is evolving rapidly, incorporating AI into its operations and demanding ransoms ranging from $5 million to $30 million. Mayor Carter stated that forensic teams are working server by server to ensure the threat has been fully eradicated. Even without paying a ransom, the financial toll is expected to reach into the millions

Broader Implications

St. Paul joins a growing list of U.S. cities targeted by ransomware in 2025, including Abilene, Texas earlier this year. Cybersecurity experts warn that local governments are increasingly vulnerable due to outdated infrastructure and limited budgets. The incident underscores the urgent need for stronger digital defenses and increased federal support to help municipalities protect themselves against evolving cyber threats.