St. Paul, MN Mayor Confirms Ransomware Attack And Data Leak
Over two weeks after a ransomware attack disrupted operations in St. Paul, MN, Mayor Melvin Carter provided an update confirming that a cybercriminal group known as Interlock was behind the breach. The attack, which occurred on July 25, significantly impacted city services and placed employee data at risk. Interlock, described by the mayor as a “sophisticated” and “money-driven” group operating on the dark web, claims to have stolen 43 GB of data, primarily from a shared drive used by the Parks and Recreation Department.
The compromised files reportedly contain a wide range of materials, from standard work documents to personal items and ID copies submitted for HR or travel purposes. Fortunately, no payroll, permitting, or licensing data was involved. After the city refused to pay a ransom, Interlock posted the stolen data online.
The city is now undertaking a full reconstruction of its computer systems, with support from the FBI and the Minnesota National Guard. Each server and file is being reviewed, cleared, and tested before being reinstated, a process that remains ongoing. The city is still under a state of emergency, though no follow-up attack or second ransom demand has been reported.
This incident underscores the critical need for robust cybersecurity measures that go beyond reactive defense. Organizations must prioritize real-time situational awareness across their IT environments to detect threats early, respond quickly, and prevent future breaches. Without continuous visibility into system activity, even one breach can have long-lasting operational and reputational consequences. Read more about this story on our LinkedIn page
The compromised files reportedly contain a wide range of materials, from standard work documents to personal items and ID copies submitted for HR or travel purposes. Fortunately, no payroll, permitting, or licensing data was involved. After the city refused to pay a ransom, Interlock posted the stolen data online.
The city is now undertaking a full reconstruction of its computer systems, with support from the FBI and the Minnesota National Guard. Each server and file is being reviewed, cleared, and tested before being reinstated, a process that remains ongoing. The city is still under a state of emergency, though no follow-up attack or second ransom demand has been reported.
This incident underscores the critical need for robust cybersecurity measures that go beyond reactive defense. Organizations must prioritize real-time situational awareness across their IT environments to detect threats early, respond quickly, and prevent future breaches. Without continuous visibility into system activity, even one breach can have long-lasting operational and reputational consequences. Read more about this story on our LinkedIn page