St. Paul Cyberattack:
Citywide Shutdown, National Guard Deployment

Recently, the city of St. Paul—capital of Minnesota—suffered a severe ransomware attack that triggered widespread service outages and forced residents to rely on emergency protocols. The attack began on July 25, 2025, and was confirmed as a coordinated digital assault by the Interlock ransomware group.

What Happened?

• Systems Shutdown: By July 27, municipal systems—including internal networks, public Wi-Fi, and online payment portals—were shut down to prevent further damage.

• Emergency Response Activated: On July 29, Governor Walz declared a state of emergency and activated the Minnesota National Guard to assist with containment and response efforts.

• Recovery Phase: By August 10, “Operation Secure St. Paul” kicked off, including a mass password reset and system hardening.

• No Ransom Paid: Despite the attack, the city refused to pay the ransom. The Interlock group publicly released 43 GB of stolen data afterward.

What This Means for You

Not only did this attack highlight the fragility of critical municipal infrastructure in the face of cyber threats, but it also underscored the importance of:

• Robust Incident Response — including proactive shutdowns and coordinated recovery plans.

• Rapid Containment — such as deploying emergency assets like the National Guard.

• Strong Password Hygiene & Reset Mechanisms — to prevent further compromise.

For Organizations to Consider