2025 St. Paul cyberattack

The 2025 St. Paul cyberattack was a cyberattack that started on July 25, 2025, and led to the deployment of the National Guard in Minnesota due to what officials described as the magnitude and complexity of the attack. [1]

Attack

On July 29, 2025, the City of St. Paul faced a significant cyberattack that led to the activation of the Minnesota National Guard and a declaration of a state of emergency. The attack, which began on July 25, 2025, disrupted core city systems, including internal networks, online payment portals, and public Wi-Fi. [2] Suspicious activity detected on July 25, 2025, was the first sign of the attack. [3] The attack was identified as a "deliberate, coordinated digital attack" by a sophisticated external actor targeting critical city infrastructure. [4]

The incident persisted through the weekend from July 25 to July 27, disrupting service operations. [5] To prevent escalation, city officials shut down all information systems on July 27, 2025, as a defensive measure. [6] On July 28, 2025, a full shutdown of systems began, impacting Wi-Fi at City Hall and public libraries, disabling online payment tools, and suspending network access for internal department applications. [7] Essential emergency services, including 911 dispatch, remained fully operational. [8]

Early on July 29, 2025, Mayor of St. Paul Melvin Carter publicly confirmed it was not a glitch, but a criminal cyberattack. He declared a local state of emergency, empowering rapid mobilization. [9] The city of St. Paul engaged the Federal Bureau of Investigation to assist in containment and investigation. [10] By late July 29, 2025, Governor of Minnesota Tim Walz issued an executive order activating the Minnesota National Guard’s cyber protection assets, stating the attack exceeded the city's response capabilities. [11] The deployment was intended to bolster response efforts and mitigate further impacts. [12]

On July 30, the city confirmed that despite payment systems being down and a state of emergency being in effect due to the cyberattack, workers would still receive their paychecks and wages. [13]

On August 10, 2025, the leaders of St. Paul stated that there was no longer a threat against security and started an initiative called "Operation Secure St. Paul" to restore government and local systems in St. Paul and to secure the information of ~3,500 employees. [14] This was done through a mass password reset for employees, for which around 80 computers were set up in the basement of the Roy Wilkins Auditorium at the RiverCentre in downtown St. Paul to process the password resets. [15] The mayor of St. Paul, Melvin Carter, held a discussion about the cyberattack, confirming that it was a ransomware attack against city and government infrastructure. [16]

On August 11, 2025, after the city discovered it was a ransomware attack, the city decided not to pay the ransom that was asked and shut down all networks to isolate the incident. [17] The mayor of St. Paul confirmed that a group called "Interlock" had claimed credit for the attack, which the mayor considers a "sophisticated" and profit-driven ransomware-as-a-service organization. [18] After the city stated it would not pay the ransom, Interlock publicly posted 43 gigabytes of the data it stole from St. Paul. [19]

References

  1. Fischer, Samantha (2025-07-29). "MN National Guard deployed; St. Paul declares state of emergency in response to cyberattack". KARE. Retrieved 2025-07-29.
  2. McCabe, Addie (2025-07-29). "Gov. Walz activates MN National Guard to respond to Saint Paul cyberattack". KTTC. Retrieved 2025-07-29.
  3. Murphy, Mary (2025-07-29). "Gov. Walz activates Minnesota National Guard over St. Paul cyberattack". The Forum of Fargo-Moorhead. ISSN 0895-1292. OCLC 9563116. Retrieved 2025-07-29.
  4. Bettin, Anthony (2025-07-29). "Gov. Walz activates Minnesota National Guard to aid St. Paul after cyberattack". CBS News. Retrieved 2025-07-29.
  5. McCabe, Addie (2025-07-29). "Gov. Walz activates MN National Guard to respond to St. Paul cyberattack". KEYC-TV. Retrieved 2025-07-29.
  6. "Minnesota calls in National Guard after St. Paul slammed by 'digital attack'". Reuters. 2025-07-29. Retrieved 2025-07-29.
  7. Albertson-Grove, Josie. "Major cyberattack hits St. Paul, shuts down many services". Minnesota Star Tribune. ISSN 2641-9556. OCLC 43369847. Archived from the original on 2025-07-29. Retrieved 2025-07-29.
  8. Reddekopp, Morgan (2025-07-29). "Minnesota National Guard activated, state of emergency declared after cyberattack against St. Paul". KSTP-TV. Retrieved 2025-07-29.
  9. "Major cyberattack hits St. Paul, shuts down many services". Austin Daily Herald. 2025-07-29. ISSN 0746-9713. OCLC 9870692. Retrieved 2025-07-29.
  10. Gendron, Michael (2025-07-29). "Gov. Walz activates Minnesota National Guard after Saint Paul cyberattack". WDIO-DT. Retrieved 2025-07-29.
  11. Brownell, Andy (2025-07-29). "Governor Walz Activates Guard for St. Paul Cyberattack". KROC-AM. Retrieved 2025-07-29.
  12. Ornat, Marisa (2025-07-29). "Governor Walz Activates Minnesota National Guard Following Saint Paul Cyberattack". KBJR-TV. Retrieved 2025-07-29.
  13. Albertson-Grove, Josie (2025-07-30). "St. Paul cyberattack stretches into another day, city says workers will get paid". Minnesota Star Tribune. ISSN 2641-9556. OCLC 43369847. Retrieved 2025-08-12.
  14. Cummings, Caroline (2025-08-10). "St. Paul officials say city systems will start coming online 'within next week' after cyberattack". CBS News. Retrieved 2025-08-12.
  15. Derosier, Alex (2025-08-10). "Thousands to report in for password change after St. Paul ransomware attack". Yahoo News. Retrieved 2025-08-12.
  16. Fitzgerald, Kilat (2025-08-10). "St. Paul hack confirmed as ransomware attack, Mayor Carter discusses next steps". KMSP-TV. Retrieved 2025-08-12.
  17. "Digital assault that shut down St. Paul services was a ransomware attack, city officials say". Red Lake Nation News. 2025-08-11. Retrieved 2025-08-12.
  18. Halbach, Ashley (2025-08-11). "St. Paul cyberattack: Organization takes credit for ransomware attack on city, releases some data". KSTP-TV. Retrieved 2025-08-12.
  19. Lentz, Nick (2025-08-11). "Group behind St. Paul cyberattack alleges posting 43 gigabytes of stolen data online, mayor says". CBS News. Retrieved 2025-08-11.