St. Paul Ransomware Crisis Disrupts City Emergency Systems
St. Paul's emergency services faced delays and outages after ransomware impacted city infrastructure. Critical digital systems were suspended, and sensitive data was leaked by attackers.
In July 2025, St. Paul, Minnesota suffered a major ransomware attack targeting its city government infrastructure. The attack disrupted many digital municipal services including billing portals, public Wi-Fi, library networks, and internal staff systems.
Emergency Service Disruption
Essential emergency services like 911 dispatchers operated through backup and manual procedures. While response times were impacted and city operations slowed, there was no total blackout or catastrophically long outage as some reports have claimed. Mayor Melvin Carter described the event as “one of the most severe infrastructure failures in our history.”
How the Attack Unfolded
The Interlock ransomware group infiltrated city networks beginning July 25, 2025, ultimately encrypting systems and exfiltrating sensitive data. City leaders refused to pay the ransom and immediately focused on isolating networks and restoring backups. The attackers responded by leaking about 43 GB of city documents, primarily from the Parks and Recreation department, onto the dark web.
Scope of the Damage
| System | Duration | Impact |
|---|---|---|
| 911 Call Centers | Limited hours | Delays, rerouting, backup procedures |
| City Websites | Several days | Public portals and billing offline |
| Internal Systems | Several days | Staff email, payroll, access issues |
| Data Leak | Ongoing | 43 GB city records publicized |
Why Municipal Systems Are Vulnerable
Like many US cities, St. Paul’s municipal infrastructure has lagged behind in cybersecurity upgrades, leaving critical systems exposed to complex ransomware campaigns. National trends confirm a sharp uptick in attacks on underfunded public-sector organizations in 2025.
Technical Details
Security experts attribute the incident to exploitation of managed file transfer (MFT) vulnerabilities, possibly related to the GoAnywhere platform, but not all technical details have been confirmed publicly. Forensic investigations are ongoing.
The National Guard and Recovery Efforts
Governor Tim Walz activated the Minnesota National Guard Cyber Protection Team, and city IT professionals worked alongside federal partners to restore networks. Mass password resets and reconfiguration helped accelerate recovery.