Skip to content
Photo of the St Paul Minnesota skyline

Photo by iStock

St. Paul Unplugs After Major Cyberattack

By Claire Meyer
31 July 2025

Today in Security

The city of St. Paul, Minnesota, shut down its government IT systems on 28 July to isolate key infrastructure from potential damage after a major cyberattack targeted essential systems and digital services.

“This was not a system glitch or technical error,” said Mayor Melvin Carter in a news conference on 29 July. “This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city’s information infrastructure.”

The city detected the attack on 25 July, and officials conducted a precautionary network shutdown of Wi-Fi and Internet-based systems, including at City Hall and within public libraries. City services were taken offline, except 911 and other public safety operations. Libraries and recreation centers remained open, but without Internet access, according to the Twin Cities Pioneer Press.

Information systems for Ramsey County—where St. Paul is located—were not affected by the security incident or network shutdown, but county workers were discouraged from emailing or interacting with city offices.

The city is using some analog backups for many systems, including city payroll, while services are restored, The Minnesota Star Tribune reported.

It is unclear if any information was stolen, and officials have not disclosed any requests for ransom. It remains unknown who orchestrated the attack, although a coalition of investigators are digging into the matter. Carter declared a local state of emergency, which authorized the city to call in support from local, state, and federal partners, including the FBI.

Minnesota Governor Tim Walz also issued an executive order to call in 13 specialists from the state’s National Guard’s cyber protection unit, which is helping determine what data was affected and restoring the city’s systems. The unusual move bolsters the city’s ability to cope with the magnitude and complexity of the breach, according to the governor’s office.

“Calling in the National Guard for a cyberattack is a new approach; I have not heard of that before,” said Chris Hauk, computer privacy champion at Pixel Privacy, in a statement emailed to Security Management. “This has all the earmarks of a cyberattack using ransomware, which usually not only holds the affected system’s hostage, but also harvests data from those same systems. Hopefully, the state will be able to determine what data has been stolen and will inform affected citizens of what was harvested. Until then, St. Paul citizens and companies working with the city need to remain on alert for phishing attempts, and other attempts by bad actors attempting to leverage the harvested information.”

Fraud attempts have already begun. According to the St. Paul city website, several people have received fraudulent invoices claiming to be from the city offering ways to pay online bills for city services while official channels are offline.

Ransomware attacks against municipalities and government agencies are on the rise. In the first half of 2025, Comparitech logged 208 ransomware attacks on government agencies worldwide—a 65 percent increase in attacks compared to the same period of 2024.

 

Focus on Agentic AI

What is Agentic AI?

Risk vs. Reward: What Security Leaders Need to Know When Using Agentic AI

Defending Against Online Fraud in the Age of Agentic AI

3 Non-Negotiables for CISOs in the Agentic Era

How to Use AI Responsibly to Prevent SOC Analyst Burnout

Best of Security Management

A Cascading Crisis: U.S. Federal Prisons Grapple with Decades of Unsafe Understaffing

The Other Side of the Looking Glass: Providing Security for Marches and Rallies

Is Your Workplace Toxic? Here's What You Need to Do

Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

What to Add to a Rules of Engagement Document

What is Agentic AI?
arrow_upward