The city of Saint Paul, the capital of Minnesota, has officially confirmed a major cyberattack on its systems, orchestrated by a notorious hacking collective known as the Interlock gang. This breach has led to the theft of sensitive information, locking city officials out of vital databases that are essential for the smooth operation of municipal services.
In a public statement released by Mayor Melvin Carter, it was disclosed that the Interlock ransomware group was responsible for the attack, which occurred on July 25, 2025. According to the statement, the hackers successfully infiltrated the city’s infrastructure, specifically targeting and stealing around 43 gigabytes of data. The stolen data is primarily associated with the Parks and Recreation Department, raising serious concerns about the security of public sector information.
What makes this breach especially troubling is the modus operandi of the Interlock gang. Historically, this group has not only locked their victims out of their systems but has also been known to sell the stolen data to the highest bidder. The stolen data is often used for various malicious purposes, including launching social engineering attacks or identity theft schemes. With a clear history of monetizing stolen data within a specific time frame, there are growing fears that the same fate awaits the information stolen from Saint Paul.
High Risk of Data Leak
The ransomware attack on July 25 has already passed the two-week mark, meaning that the stolen data could be released to the public or sold to third parties at any moment. The longer the data remains in the hands of the hackers, the more likely it is to be exposed, with potentially disastrous consequences for the city and its residents. It is unclear how many individuals may be affected by the breach, but the possibility of identity theft, targeted scams, and social engineering attacks now looms large.
Despite the gravity of the situation, Mayor Carter emphasized that the city of Saint Paul would not yield to the demands of the cybercriminals. The Mayor made it clear that the city has an established data continuity and recovery plan in place, which allows it to continue functioning despite the disruption. However, even without paying the ransom, there is a real concern that the stolen data could end up on the dark web or in the hands of malicious actors who could exploit it for profit.
City’s Response and Preventative Measures
In response to the breach, Mayor Carter reassured residents and employees that the city was actively taking steps to mitigate the risks posed by the stolen data. The city has offered free credit monitoring services to all city employees for the next 12 months, in an effort to help protect personal information and prevent potential financial harm resulting from the attack. Additionally, the city is working closely with cybersecurity forensic experts to assess the full scope of the breach and mitigate any further risks associated with the stolen data.
One of the most critical points raised in Carter’s statement is the stance on paying the ransom. The city has made it clear that it will not pay the ransom demand, as doing so would not only encourage further criminal behavior but also offer no guarantees of success. Even if the decryption key were provided after payment, it is unlikely that all of the encrypted data could be recovered. In fact, security experts estimate that only around 80% of encrypted data might be decrypted with a ransom payment, while the remaining data would remain permanently inaccessible.
Long-Term Security and Law Enforcement Collaboration
While the immediate steps involve offering credit monitoring and recovery from backups, Saint Paul is also taking a long-term approach to address the broader implications of the attack. The city has informed law enforcement agencies about the breach, urging them to initiate an investigation into the hacking group’s activities. The authorities are expected to ramp up their efforts to track down the attackers and prevent future incidents of this nature. In addition to mitigating the immediate risks of the breach, the collaboration with law enforcement aims to bolster overall cybersecurity awareness and preparedness in both public and private sectors.
The decision to reject the ransom demand has sparked a broader debate within the cybersecurity community. While paying ransoms may seem like a quick fix, experts warn that it only fuels the growth of ransomware gangs and offers no guarantees of a full recovery. By focusing on recovery from backups and working with law enforcement, Saint Paul aims to send a strong message that cities will not negotiate with cybercriminals.
As the situation continues to develop, Saint Paul’s residents and employees are urged to remain vigilant for potential phishing emails, fraudulent calls, and other types of social engineering attacks. With the data now potentially in the hands of criminals, the risk of further exploitation remains a serious concern.
Join our LinkedIn group Information Security Community!
