St. Paul, MN — City officials have confirmed that the cyberattack that disrupted St. Paul’s internal systems was a ransomware attack, prompting a sweeping response aimed at restoring security and preventing future intrusions. The attack, which occurred over two weeks ago, led the city to shut down its network preemptively. Now, city leaders have launched Operation Secure Saint Paul, a major recovery and protection initiative.
Ransom Demand Confirmed
Mayor Melvin Carter stated on Sunday that the city had been directly contacted by the attackers with a specific ransom demand, accompanied by threats to release stolen data if payment was not made. However, he emphasized that no ransom has been paid and that, so far, there is no evidence any data was exfiltrated.
“We’ve maintained access and control of all our data and systems the entire time,” Carter said, noting the city is taking a systematic approach to rebuilding trust and security in its digital infrastructure.
Mass Password Resets and Device Checks
As part of the city’s response, about 3,500 city employees are being required to complete in-person password resets and device security checks. The operation, held at the Roy Wilkins Auditorium, is part of a citywide effort to re-secure systems before gradually bringing them back online.
This effort includes installing upgraded cybersecurity software across city servers and devices—a process Mayor Carter likened to a “grand control-alt-delete” of all city systems.
What Was Affected — and What Wasn’t
While some city services were disrupted, emergency services remained fully operational, and most public facilities—such as libraries and recreation centers—stayed open. WiFi access, however, remains down in some locations.
Importantly, city leaders reassured residents that the vast majority of citizen data is stored in cloud-based systems that were not impacted by the ransomware attack.
“The city doesn’t necessarily have your Social Security number or other sensitive data,” Carter explained, aiming to calm fears of widespread personal data breaches. Employee data was stored on affected systems, but again, there is no current evidence of a breach.
Ongoing FBI Investigation
The FBI is leading a parallel criminal investigation, working alongside the city’s own cybersecurity teams. Officials are cautioning the public to remain vigilant and be aware of how sophisticated and persistent threat actors have become.
“This isn’t just a government issue—it’s something that impacts all of us,” Carter said. “From individuals to businesses to public institutions, we all have to be on guard.”
A Cautionary Tale for Other Cities
The St. Paul ransomware attack is the latest in a rising tide of cyber threats targeting municipal systems across the country. For many experts, it’s a wake-up call that underscores the urgent need for robust, proactive cybersecurity defenses in the public sector.
As St. Paul begins its cautious system reboot, city leaders hope their response can serve as a model of transparency and resilience in the face of digital threats.
Key Takeaways:
-
Ransomware attack confirmed; city has not paid ransom.
-
No evidence so far that data was taken or leaked.
-
Operation Secure Saint Paul launched for security resets.
-
Public services mostly remained functional.
-
FBI is investigating the criminal side of the attack.
-
Mayor urges ongoing vigilance against cyber threats.
For further updates and information about the city’s response, visit St. Paul’s official website.
.png)
.png)
.png)
Post a Comment