On July 28, 2025, the City of St. Paul, Minnesota, shut down its government IT systems in response to a cyberattack detected three days earlier. The attack targeted critical infrastructure, prompting city officials to take key systems offline to prevent further damage. While 911 and emergency services remained operational, internet-based services at City Hall, libraries, and recreation centers were suspended.
Mayor Melvin Carter confirmed the incident was a “deliberate, coordinated digital attack” carried out by a sophisticated threat actor. As of now, no ransomware demand has been publicly disclosed, and it remains unclear whether any data was exfiltrated.
To contain the threat, the city activated analog backup procedures, including for payroll, and declared a local state of emergency. Minnesota Governor Tim Walz also issued an executive order deploying 13 cybersecurity specialists from the National Guard’s cyber protection unit to support recovery and forensic investigation alongside federal partners, including the FBI.
Fraudulent invoices have since circulated, highlighting the potential for social engineering attacks in the aftermath. Experts warn that such breaches often lead to phishing attempts and secondary exploits, especially as government-targeted ransomware attacks continue to rise globally up 65% from the previous year, according to Comparitech.
Contact us : Finstein Cyber — Cybersecurity & VAPT Services
