Ransomware group Interlock today took credit for a July cyber attack on the city of St. Paul, Minnesota. The attack prompted governor Tim Walz to activate the national guard in response.
The attack disrupted the city’s online payment system. Some services in libraries and recreation centers were temporarily unavailable.
“On Friday, July 25, 2025, the City of St. Paul experienced a cyberattack that targeted critical systems and digital services,” city officials said (PDF). “Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities. As a result, St. Paul has requested cyber protection support from the Minnesota National Guard to help address this incident and make sure that vital municipal services continue without interruption.”
Interlock says it stole 43 GB of data from St. Paul during the attack. To prove its claim, the ransomware gang posted sample images of what it says are documents stolen from St. Paul’s private servers.
“The government of the city of Saint Paul, Minnesota, including its representatives and employees, is extremely careless and irresponsible about the security of their city, because of this, a large part of the infrastructure was damaged, brought a lot of losses and damage! Including the worse position were residents whose data was compromised in the internet!” says a note posted alongside Interlock’s proof pack.
St. Paul has not verified Interlock’s claim, but the mayor did acknowledge a ransomware attack and said the city would not pay the ransom. We do not know how much Interlock demanded, what data was stolen, or how attackers breached the city’s network. Comparitech contacted St. Paul officials for comment and will update this article if they reply.
Who is Interlock?
Interlock is a ransomware gang that first started adding targets to its leak site in October 2024. The group extorts targets both to unlock infected computer systems and to not sell or release stolen data.
Interlock has claimed responsibility for 24 confirmed ransomware attacks and made 31 unconfirmed claims that haven’t been acknowledged by the targeted organizations.
St. Paul might be Interlock’s most high-profile attack on a government entity, but it’s not the group’s first. It also took credit for the following:
- Wayne County, MI reported and October 2024 data breach
- Noblesville, IN notified 1,831 people of an October 2024 data breach
- West Lothian Council, Scotland reported a May 2024 data breach
Ransomware attacks on US government
Comparitech researchers have logged 46 confirmed ransomware attacks in 2025 to date on government entities in the USA.
Other such attacks include:
- North Providence, RI notified 1,800 people of a data breach claimed by Medusa, which demanded a $100,000 ransom
- Morgan County, AL reported a cyber attack on its emergency 911 system in May claimed by Qilin
- Washington Court House, OH said it refused to pay a ransom to Beast following a May 2025 cyber attack
Ransomware attacks on government entities can both steal data and lock down computer systems. The infected agency or department must pay a ransom to restore systems and for the ransomware gang to not release or sell stolen data. If the organization refuses, it faces extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About St. Paul
St. Paul is the capital city of Minnesota with a population of 311,000 people.
