In response to a significant cyberattack targeting the City of St. Paul, Minnesota Governor Tim Walz has activated the Minnesota National Guard to assist in the ongoing recovery and investigation efforts. This move comes after St. Paul officials declared a state of emergency, citing the scale and complexity of the incident as exceeding the city’s internal response capacity.
The cyberattack was first detected last Friday, when suspicious activity appeared on the city’s networks. The event rapidly escalated, with St. Paul’s mayor describing it as a coordinated and deliberate assault by an external, highly sophisticated actor seeking to compromise the city’s information infrastructure.
To contain the threat, St. Paul authorities shut down all city information systems. This precaution has disrupted multiple city services, including public online portals, city Wi-Fi networks, library management systems, and several internal operations. Despite these disruptions, critical emergency dispatch services such as 911 remain operational, though they are experiencing minor backend challenges.
The response involves a multi-agency collaboration. Alongside St. Paul’s own emergency operations center, state and federal agencies—including the FBI—are engaged in the investigation. Two leading national cybersecurity firms have also been contracted to assist with the technical aspects of the response and recovery. The Minnesota National Guard’s cyber protection units, renowned for their expertise in defending against digital threats, are now on the ground working closely with these teams to restore services, assess the breach’s scope, and safeguard against broader impacts.
Authorities have not identified the group or individual behind the attack, and the governor’s office notes that the investigation is ongoing. Residents are being advised to expect continued disruptions to certain city services as restoration work progresses. City, state, and federal officials are urging patience and vigilance from the public as they work to resolve the situation and bolster the city’s digital defenses for the future.
Update: The Data Leak and City’s Response
After St. Paul refused to pay the ransom, Interlock followed through on their threat and posted 43 gigabytes of data on their dark web leak site. The leaked files “appear to come largely from a single shared network drive” used by the Parks and Recreation Department.
The leaked data includes:
- Over 3,000 HR and employee-related records (job descriptions, performance reviews, internal evaluations)
- Nearly 4,800 documents relating to work plans, memos, draft proposals, and internal studies
- More than 2,000 financial or administrative files (invoices, budgets, payment records)
- At least 280 files containing identification and personal data (passport scans, driving licenses)
- Hundreds of email archives and internal correspondence
Mayor Carter characterized the released data as “varied and unsystematic,” including “everything from work documents, copies of IDs submitted for HR or travel, or even personal items like recipes”.
