The mayor of Saint Paul, Minnesota’s capital metropolis, has confirmed that the Interlock ransomware gang is accountable for a cyberattack that disrupted most of the metropolis’s techniques and companies in July.
On July twenty ninth, Minnesota Governor Tim Walz activated the Nationwide Guard in response to the crippling cyberattack that had affected St. Paul’s digital companies and demanding techniques.
Town requested Minnesota Nationwide Guard’s cyber safety help because of the cyberattack’s impression exceeding St. Paul’s incident response capability.
“Whereas many metropolis companies stay accessible, some could also be quickly delayed or disrupted because of restricted system entry. We recognize your endurance and understanding as we work to convey techniques totally again on-line,” the town says.
“On-line funds are at present unavailable. No late charges will likely be assessed throughout this era. Further billing and repair updates will likely be shared as soon as techniques are restored.”
Town continues to be working with native, state, and federal companions to analyze the late July assault and restore full system performance, however says that emergency companies have been unaffected.
On Monday, Mayor Malvin Carter confirmed that the Interlock ransomware group was behind the assault, including that the incident does not have an effect on residents’ private or monetary data and that the town refused to pay the gang’s ransom demand.
The ransomware gang added the Metropolis of Saint Paul to its darkish net portal earlier this week, claiming that they’d stolen over 66,000 recordsdata or 43 GB price of knowledge, a few of which has now been revealed on the group’s leak web site.
“A big a part of the infrastructure was broken, introduced lots of losses and injury! Together with within the worst place had been residents whose information was compromised,” the gang claimed.
Interlock surfaced in September 2024 and has since breached victims worldwide throughout varied trade sectors, with a concentrate on healthcare organizations.
This ransomware gang was beforehand linked to ClickFix assaults and malware assaults through which they deployed a distant entry trojan referred to as NodeSnake on the networks of a number of U.Ok. universities.
Extra lately, Interlock additionally claimed duty for breaching and stealing 1.5 terabytes of knowledge from DaVita, a Fortune 500 firm specializing in kidney care, and for hacking Kettering Well being, a healthcare large with over 120 outpatient amenities and greater than 15,000 staff.
Days earlier than the St. Paul ransomware assault, CISA and the FBI warned about elevated Interlock ransomware exercise focusing on crucial infrastructure organizations in double extortion assaults, sharing mitigation measures to defend towards this ransomware gang’s assaults.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration developments.