It’s been nearly a month since the July 25 cyberattack crippled the City of St. Paul’s computer systems.
RELATED: Minnesota National Guard cyber team finishes mission helping City of St. Paul after ransomware attack
At the time, some critical law enforcement tools, like in-squad laptops used in traffic stops and to share case information, were knocked offline.
St. Paul police say the laptops were back in service a week after the attack.
“That was one of the first missions that the National Guard took on, to make sure the officers had their laptops,” explains St. Paul Mayor Melvin Carter.
But officers had to learn to improvise, Carter notes.
“Our officers were getting the information they needed,” the mayor says. “They were getting them over the radio, as opposed to an email or over a screen.”
The mayor says it could be weeks until systems are returned to normal.
City firefighters also use laptops in their vehicles, equipped with mapping programs — so far, authorities have not disclosed how many police or fire department laptops were affected.
Carter confirms a network called ‘Interlock,’ a ransomware group on the dark web, has taken credit for the attack.
RELATED: St. Paul cyberattack: Organization takes credit for ransomware attack on city, releases some data
Typically, ransomware restricts access to files and computer operations unless money is paid to the attacker.
City leaders say a ransom was not paid.
Staffers are now trying to reconstruct the systems under attack.
“There’s a lot of different types of interruptions and disruptions,” Carter says. “We scoured through every system and server that we have to put the heightened cybersecurity software on every device in government.”
The process includes password resets for 3,500 city employees.
Staffers are also doing ‘red hat’ exercises to check for any vulnerabilities in the system.
The mayor says residents shouldn’t worry about their personal data getting out, but there is concern some employee information may have been compromised, so the city is taking precautions.
“We put on board a full year of credit monitoring,” Carter notes. “A full year of identity theft protection for our employees, including a kind of concierge call-in number to facilitate this stuff for every city employee, whether in data breach or not.”
The following statement can be attributed to Chief Information Officer Jaime Wascalus:
The City is restoring systems in deliberate phases, prioritizing safety and security at every step. Before any systems could come back online, we completed Operation Secure Saint Paul—a citywide effort where every employee verified their identity, reset credentials, and installed advanced security software.
We are now close to bringing an initial batch of critical systems online within the next week. Full restoration will take weeks, as each of the hundreds of vital systems must be cleared of any remaining threats and undergo multiple rounds of testing and verification. This process is especially complex for larger, interconnected systems, which may take more time.
A spokesperson for the St. Paul Fire Department provided the following statement:
As a result to the cyber attack on the city of Saint Paul, all Computer Aided Dispatch systems (CAD) were proactively disable. This meant that until we were able to install new software, the computer inside our fire trucks, ambulances, and other emergency response vehicles were not able to communicate the following:
- Detailed dispatch information
- GPS (both for dispatch to identify the closest rig but also for directions to the incident)
- Incident updates
- What other companies are responding
- Fire hydrant locations
- Prior incidents at the location
- EMS Patient information
The tones inside the fire stations were also affected. Instead of dispatch sending emergency tones directly to the station they identified, firefighters took shifts monitoring the radio. This was necessary at all stations, 24 hours a day, every day of the week until last Friday August 15th.
This created a lot of additional steps and 24 hours of sleepless shifts for our fire and EMS crews.
Fire Chief Inks said, “We are incredibly proud of our members. Their professionalism and dedication during this time was such that the public didn’t notice any change in the fast and reliable response they’ve come to expect.”
