St. Paul officials still dealing with summer cyberattack’s fallout

Douglas Sacha via Getty Images

Featured eBooks
NASCIO 2025 Special Report
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
Reinventing healthcare for public sector retirees
Presented By ViaBenefits
Download Now
From Silos to Synergy: Redefining State Cybersecurity with a Risk Operations Center
Presented By Qualys
Download Now
Chris Teale By Chris Teale,
Managing Editor, Route Fifty

By Chris Teale

|

The Minnesota capital’s networks were disrupted in July and government operations are still recovering. Preparedness and partnerships were key in the city’s response.

MINNEAPOLIS — July 25, 2025, will live long in the memories of St. Paul, Minnesota’s leaders and residents, as the city suffered a cyberattack from which it is still recovering.

Leaders acted quickly to contain the threat by deactivating compromised accounts, isolating affected servers and increasing monitoring, before shutting the entire city network down when they detected that the hackers were encrypting data. The race was on to then protect systems, recover data and ensure continuity of government operations, an effort that is still underway several months on and has included the Minnesota National Guard as well as federal, state and local agencies.

As of Oct. 22, the city said 75% of its systems had been restored, so the effects of the cyberattack are still being felt, although many functions are back to normal and city workers got paid on time. 

Related articles

Cyberattacks are growing smarter and AI needs smarter data to keep up

Kept in the dark: Inside the St. Landry Parish Schools ransomware attack

House votes to reup cyber grant program

Lessons learned from whole-of-state cybersecurity efforts

“July 25 will be burned into my memory,” Mary Gleich-Matthews, St. Paul’s deputy chief information officer, said during a panel discussion at last week’s GOVIT Leadership Summit and Symposium in Minneapolis.

Officials declined to comment on how the hackers entered the city’s systems. But the ransomware network Interlock took credit for the attack a few weeks after it happened, and claimed to have stolen and posted online 43 Gigabytes of data from the city’s parks and recreation department.

Initially, the city thought the hack was a standard cyberattack, one of millions that it and other state and local governments receive every day and successfully repel. But it quickly became apparent to St. Paul’s tech leaders, as well as their employees who worked through the weekend on response, that it was “bigger than we had originally thought,” said Jaime Wascalus, director and CIO in St. Paul’s Office of Technology and Communications, during a GOVIT session.

The incident was quickly escalated to city leadership, who activated an Emergency Operations Center to coordinate the response, then engaged with Minnesota Gov. Tim Walz about calling up the National Guard, which he activated that week to provide cybersecurity support and protection. The Guard’s Cyber Protection Team was deployed for 17 days before completing its mission to supplement the city’s employees and provide support.

“What I thought was, our team, our people are amazing, but we don't have enough of them,” Wascalus said. “When I heard that we had a special unit in Minnesota that had expertise in infrastructure and cyber security and they could help us, I was like, ‘Yes, sign us up.’”

Having partnerships and relationships in place helped make it easier for the National Guard to come in and help, and it meant that no one was “fighting for turf” because they understood their roles and responsibilities, Wascalus said.

“We had already done a lot of prep work in the event that this was going to be our first activation of the Guard cyber forces,” said Army Lt. Col. Brian Morgan, director of the Cyber Coordination Cell for the Minnesota National Guard, during the panel discussion. “We knew already who was going to go, because we had done some conversations and phone calls. Everybody who showed up to this thing on the federal side and the state side, I had already in my cell phone, from the [Federal Bureau of Investigation] to [the Minnesota Bureau of Criminal Apprehension] to [Homeland Security Investigations], the Secret Service to state stakeholders. These are all people we had already partnered with.”

The state also was prepared for such an eventuality as it has an emergency operations process, as well as a whole-of-state cybersecurity plan that emphasizes shared responsibility for threats and incidents as well as mutual aid.

Rick Schute, St. Paul’s director of emergency management, said training for cyberattacks and other incidents is crucial, especially through tabletop exercises, as well as building relationships with relevant agencies who could be brought in to help. He said it is a “fanciful notion” that employees and their leaders can rise to the occasion during such a trying time. Instead, he said they will revert to their level of training and planning.

“We will not rise to the occasion,” he said. “We will fall to our level of preparedness.”

And Gleich-Matthews said one “silver lining” of the cyberattack has been that it incentivized St. Paul officials to speed up their modernization efforts. That included rolling out the city’s new Permitting and Utilities, Licensing, Inspection Engine, known as PAULIE, in September. City officials said the “accelerated launch” would help “ensure uninterrupted access to core permitting and licensing services.”

“A lot of the old applications that we had been picking departments to replace for years and years and years couldn't come back,” Gleich-Matthews said. “They're gone. Sorry. And it's really exciting that we were able to say, ‘OK, now we're going to start fresh and we're going to try these new applications.’”

NEXT STORY: House votes to reup cyber grant program

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.