Interlock Ransomware Group Exposes 43GB of Data in St. Paul Cyberattack

The city of St. Paul, Minnesota, has fallen victim to a ransomware attack attributed to the Interlock group, resulting in the exposure of 43GB of sensitive data. In response, city officials have opted to refuse the ransom and launched Operation Secure St. Paul, collaborating with the FBI and the National Guard.

On July 25, 2025, St. Paul, a city home to over 311,000 residents, experienced significant disruptions due to the cyberattack. The attack impacted various online payment systems and city services at public libraries and recreation centers, causing widespread operational challenges.

In addressing the breach, Minnesota Governor Tim Walz activated the National Guard’s cyber protection unit to assist in recovery efforts. Mayor Melvin Carter confirmed the nature of the attack as ransomware and firmly stated that the city would not pay the ransom, marking a clear refusal to engage with the attackers. This stance notably delayed the mayor’s State of the City address, emphasizing the attack’s far-reaching implications.

Interlock, a ransomware group that commenced operations in late 2024, has publicly claimed responsibility and alleged that they stole 43GB of data from the city’s servers. They have gone as far as to publish images purportedly showing documents acquired from St. Paul, criticizing the city’s security measures as “careless and irresponsible,” potentially compromising resident data.

The extent of the data breach remains unverified by city officials, who have yet to disclose specifics about the stolen information or how the hackers gained access. Nevertheless, the mayor’s office insists that they have maintained access to their systems and data, and the recovery operation has been designated as Operation Secure St. Paul.

As an immediate measure, the city is implementing a global reset of passwords for its approximately 3,500 employees, aimed at securing user accounts and preventing further unauthorized access. The FBI is spearheading the investigation, while the National Guard’s IT sector works on restoring critical city services post-password reset.

Source

Related Posts

Crypt Ghouls Target Russian Businesses with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024
Network Security / Data Breach

A newly emerging threat group known as Crypt Ghouls has been identified in a series of cyberattacks aimed at Russian firms and government agencies. Their operations feature ransomware as a primary tool, focusing on disrupting business activities while reaping financial benefits. According to Kaspersky, “The group utilizes an arsenal of tools including Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, among others.” The primary ransomware employed in these attacks includes the notorious LockBit 3.0 and Babuk variants. Victims encompass various sectors, including government, mining, energy, finance, and retail throughout Russia. Kaspersky noted that they were able to identify the initial breach method in only two cases, where the attackers exploited a contractor’s VPN credentials to gain access to internal systems. These VPN connections reportedly came from IP addresses linked to a Russian hosting provider.

THN Cybersecurity Highlights: Key Threats, Innovations, and Updates (Oct 14 – Oct 20)

Oct 21, 2024
Cybersecurity / Weekly Summary

Hello! Here’s your concise update on the latest happenings in cybersecurity. Hackers are adopting innovative tactics to breach systems once thought secure—like discovering hidden entry points in locked buildings. The silver lining? Security experts are counteracting with advanced tools to safeguard data. Some major companies faced attacks, while others managed to patch their vulnerabilities just in time. The struggle continues! For optimal protection, remember to keep your devices and applications updated.

In this newsletter, we’ll delve into the top stories. Whether you’re focused on personal data protection or overseeing security for a business, we’ve got valuable tips for you.

Let’s dive in!

Threat of the Week
China Claims Volt Typhoon is a U.S. Creation: China’s National Computer Virus Emergency Response Center (CVERC) has alleged that the threat actor known as Volt Typhoon is a fabrication of U.S. intelligence agencies and their allies, accusing the U.S. of executing false flag operations.