Saint Paul Cyberattack Linked to Interlock Ransomware Gang
The city of Saint Paul, Minnesota's capital, has confirmed that the notorious Interlock ransomware gang is responsible for a devastating cyberattack that crippled many of its systems and services in July. The attack, which occurred on July 29th, prompted Governor Tim Walz to activate the National Guard to assist with the response efforts.
The cyberattack had a significant impact on St. Paul's digital services and critical systems, leaving some services temporarily delayed or disrupted due to limited system access. The city has assured residents that emergency services remain unaffected, but online payments are currently unavailable. No late fees will be assessed during this period, and additional billing and service updates will be shared once the systems are restored.
The city is still working with local, state, and federal partners to investigate the attack and restore full system functionality. In a recent statement, Mayor Melvin Carter confirmed that Interlock was behind the attack, adding that the incident does not affect residents' personal or financial information and that the city refused to pay the gang's ransom demand.
Interlock, known for its custom SystemBC RAT malware, gained access to St. Paul systems around July 20th, according to threat intelligence company PRODAFT. The group has been linked to various attacks worldwide across different industry sectors, with a focus on healthcare organizations. This includes breaching DaVita, a Fortune 500 company specializing in kidney care, and hacking Kettering Health, a healthcare giant with over 120 outpatient facilities and more than 15,000 employees.
CISA and the FBI had warned about increased Interlock ransomware activity targeting critical infrastructure organizations just days before the St. Paul attack, sharing mitigation measures to defend against this ransomware gang's attacks. The group has been linked to ClickFix attacks and malware attacks in which they deployed a remote access trojan called NodeSnake on the networks of multiple U.K. universities.
Interlock surfaced in September 2024 and has since breached victims worldwide across various industry sectors. In addition, it claimed responsibility for breaching and stealing over 1.5 terabytes of data from DaVita and hacking Kettering Health. The group also published some of the stolen files on its leak site.
The Interlock ransomware gang described the attack in these terms, stressing its severity: "A large part of the infrastructure was damaged, brought a lot of losses and damage! Including in the worst position were residents whose data was compromised."
Key Findings and Takeaways
- The city of Saint Paul has confirmed that the Interlock ransomware gang is responsible for the cyberattack that occurred on July 29th, which affected many of its systems and services.
- The attack had a significant impact on St. Paul's digital services and critical systems, leaving some services temporarily delayed or disrupted.
- Emergency services remain unaffected, but online payments are currently unavailable, and additional billing and service updates will be shared once the systems are restored.
- The city refused to pay the gang's ransom demand, and the mayor stated that the incident does not affect residents' personal or financial information.
- Interlock gained access to St. Paul systems around July 20th, according to threat intelligence company PRODAFT.
- CISA and the FBI had warned about increased Interlock ransomware activity targeting critical infrastructure organizations just days before the St. Paul attack.
Prevention and Detection Measures
With the growing number of ransomware attacks, it's essential to take proactive measures to prevent such incidents. Some key findings from the recent Picus Blue Report 2025 include:
- A 2X increase in password cracking: 46% of environments had passwords cracked, nearly doubling from 25% last year.