Saint Paul Cyberattack Disrupts City, Interlock Ransomware Group Claims 43GB Data Theft

Authorities in Saint Paul, Minnesota, are still grappling with the aftermath of a cyberattack that crippled large portions of the city’s municipal operations. Responsibility for the incident has been claimed by the hacking group Interlock, which the FBI had warned about just a week earlier. On its website, the group boasted of stealing 43 gigabytes of data, though it did not disclose a ransom demand or deadline for payment.

City and state officials have declined to comment, and the precise scope of the stolen information remains undisclosed. However, Mayor Melvin Carter voiced particular concern over a potential leak of administrative staff data. He reassured residents that personal data stored in cloud systems was unaffected.

On July 29, the mayor stated that the city had retained access to all its systems since the attack, but was undertaking a full reinstallation and update of server and workstation software — including mandatory password changes for all employees — to bolster security. He emphasized that the administration is working in close coordination with the FBI, limiting the amount of detail it can share publicly. Carter further noted that the sophistication and scale of such attacks have grown significantly in recent years, increasingly targeting government bodies, educational institutions, hospitals, and other organizations.

The attack caused severe disruptions across city infrastructure. Emergency services, including 911, remain operational, but several key public services have been rendered inaccessible. Residents cannot pay utility bills online, and permits and licenses are being processed exclusively on paper. The city’s online water bill payment portal is down, with payments suspended entirely and late fees waived. Public libraries have lost access to Wi-Fi, computers, and printers, and new library cards cannot be issued. Alternate phone numbers and email addresses have been provided for contacting city offices.

A further complication has arisen from a wave of phishing emails sent under the guise of the city administration to more than 300,000 residents. These fraudulent messages contain fake invoices urging recipients to click malicious links. Officials have warned residents not to open attachments and to verify senders. The scale of the disruption prompted Minnesota Governor Tim Walz to deploy the National Guard to assist in restoring critical systems.

In its recent advisory, the FBI reported that Interlock is actively targeting critical infrastructure and businesses across the U.S., Canada, and Europe. U.S. analysts believe the group may have ties to the Rhysida gang, infamous for its attacks on government agencies worldwide. Interlock has previously been linked to breaches that disrupted major dialysis provider DaVita and one of Ohio’s leading healthcare systems.