[ad_1]
(TNS) — St. Paul officials say the cyber attack that has wrought havoc on the city’s online services for weeks was a ransomware attack, a sophisticated form of online assault in which hackers demand payment in order to let users back into their systems.
The city paid no money and instead shut down its network to isolate the threat, according to a written briefing provided by city spokeswoman Jennifer Lor.
Because of the ongoing criminal investigation, the city is limited in what information it can share, the briefing said.
The cyber attack was detected on July 25 and led to the shutdown and subsequent disruptions of Internet service at city libraries and recreation centers. In addition, City Hall lost its Wi-Fi, and online payment systems that handle water and sewer bills did not work.
However, St. Paul’s 911 and other emergency response systems remained functional.
The city has been working with a cybersecurity unit of the Minnesota National Guardand the FBI to secure its systems and find the source of the attack.
To counter the hack, the city has backed up all data and is testing servers as it restores and rebuilds its internal systems, according to the briefing.
St. Paul officials have said residents’ data was not at risk. According to the briefing, much of that information is kept in cloud-based applications that were untouched by the attack.
“The city maintains very little data” on residents, Mayor Melvin Carter said after the attack.
“The city doesn’t have Social Security numbers on random residents. The city doesn’t maintain that type of sensitive information on community members who don’t have some fiscal relationship with the city.”
Cyber attacks in other cities have exposed personal data. In Dallas, for example, a 2023 attack exposed the information of more than 30,000 people.
In ransomware attacks, a malicious actor typically encrypts files, making them useless, and then demands that the target pay to have them decrypted.
After St. Paul detected the attack, city computer networks were shut down in an effort to contain it. Those shutdowns — and not the attack itself — hamstrung systems across the city and forced St. Paul into analog operations.
Payroll, library book checkouts and quarterly garbage bills were among the city functions that reverted to offline systems. Some city offices reported extremely high call volumes and backlogs after some phone lines were restored last week.
At one point last week, the Department of Safety and Inspections had 950 voicemails to return, spokesman Casey Rodriguez said. By Thursday afternoon, the backlog was less than 650.
To secure city accounts and devices, the next step will be to reset passwords for all 3,500 St. Paul government employees.
In an email last week, Deputy Mayor Jamie Tincher asked all workers to report to Roy Wilkins Auditorium over the next few days to complete the process. City services will be gradually restored afterward.
Carter and other city officials have said that they have been reluctant to share information because the attackers might be listening. But as the cyber attack enters a third week, criticism of the city has emerged.
Last week, state Republican lawmakers sent Carter a letter asking for more information about the impact of the attack. And Carter’s best-known challenger for mayor in November, DFL Rep. Kaohly Vang Her, called for transparency.
The cost of recovery is also a major question. According to an IBM report, data breaches in the public and private sectors had an average cost of $4.9 million in 2024.
©2025 The Minnesota Star Tribune, Distributed by Tribune Content Agency, LLC.
[ad_2]
Source link
