St. Paul Grapples with Interlock Ransomware Attack as Sensitive City Data Surfaces
The City of St. Paul is grappling with the aftermath of a significant cyber attack, with the notorious Interlock ransomware group claiming responsibility and already releasing some Parks and Recreation data onto the dark web. Mayor Melvin Carter publicly confirmed the network breach, plunging the city into a state of emergency as officials work to mitigate the damage.
Mayor Carter acknowledged that the compromised network was indeed targeted by Interlock, an organization known for its sophisticated, money-driven operations run from the dark web. The group, which utilizes illicit online channels, took credit for the breach, marking a serious escalation in cyber threats against municipal infrastructure.
Interlock claims to have exfiltrated a staggering 43 gigabytes of data from St. Paul’s systems. This trove of information could potentially include a wide range of sensitive materials, from critical work documents to highly personal identification details like copies of IDs submitted for human resources or travel purposes. This raises significant concerns about potential identity theft and privacy breaches for city employees and residents alike.
In a resolute move, the City of St. Paul has firmly refused to pay the ransom demanded by the Interlock group. This decision, while principled, means the city must now focus entirely on recovery and hardening its digital defenses, rather than negotiating with criminals.
The city is undertaking the monumental task of rebuilding its compromised computer systems from the ground up, aiming to create a more resilient infrastructure that can deter Interlock and other malicious actors from future attempts. Critical support is being provided by both the Minnesota National Guard and the Federal Bureau of Investigation (FBI), who are actively assisting with the investigation and remediation efforts as the city remains under an official state of emergency.
The incident serves as a stark reminder of the escalating threat posed by cybercriminals to public services and underscores the continuous efforts required to safeguard vital digital assets against increasingly sophisticated attacks.
The term “Interlock” does not refer to a new, distinct ransomware group. Instead, it is a significant intelligence assessment made by leading U.S. cybersecurity agencies: the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). This assessment points to a disturbing convergence: operational links between two notorious ransomware strains, Black Basta and Royal, and Russia’s military intelligence agency, the Main Intelligence Directorate (GRU), specifically its notorious Unit 26165, commonly known as Sandworm or APT28.