The city of St. Paul, Minn., has refused to pay a ransomware demand from the cyber criminal group Interlock, even after the attackers claimed to have stolen city data. In retaliation, the group, known for large-scale attacks on governments and critical infrastructure, published 43 gigabytes of material online for free.
The leaked files, taken from a shared Parks and Recreation network drive, included Word documents, copies of employee IDs and personal items such as recipes. City officials say the drive also contained personal files that employees had stored over time, but not sensitive data from core city systems.
City officials argue the relatively small scope of the leak, only 43 gigabytes of the city’s total 153 terabytes of data, underscores why they refused to pay. In this case, the city says the data posted publicly appears to have had limited value to the attackers.
At a press conference hosted by the city on Aug. 11, Mayor Melvin Carter explained the decision-making process and the recommendation from the FBI and the Minnesota National Guard not to pay.
“We asked them to demonstrate what they had, and instead of demonstrating that, they decided to end the conversation,” said Carter.
Carter noted that the initial attack occurred July 25, mere days after the Cybersecurity and Infrastructure Security Agency posted a cybersecurity advisory about the group. According to the FBI, this Interlock ransomware variant has attacked victims since September 2024, targeting businesses and critical infrastructure with financially motivated campaigns.
According to the advisory, Interlock’s tactics make it critical for agencies to block malicious sites and content at the DNS level, control web access with firewalls and train users to spot social engineering schemes. The advisory also recommends prompt patching of operating systems, software and firmware to close known vulnerabilities, as well as segmenting networks to prevent an intruder from moving laterally once inside.
In response to the data leak, the city is offering credit monitoring and identity theft insurance to every part-time, full-time and seasonal city employee.
The Minnesota National Guard’s 177th Cyber Protection Team is helping the city rebuild systems. City officials declined to estimate costs but said overtime alone for staff mitigating the attack will be significant.
“Obviously if there’s a fire, we put out the fire, and we figure out how much the water costs later,” said Carter. “This has been an emergency situation, so we’ve been all hands on deck responding to that emergency. It will certainly be expensive, our staff have been working day and night, literally around the clock.”
Maintaining the city’s 911 services was a top priority during the early stages of the attack. Carter noted the greatest threat to those operations wasn’t the hack itself, but the potential inability to pay emergency workers.
“Our payroll team had one week to take systems that they’re used to running on computers and turn them into manual systems,” said Carter.
Most critical applications are expected to be back online later this week. The city has required all employees to reset passwords and has installed advanced security software on city devices. Carter said if those upgrades had been in place before the incident, the attack likely would have been detected sooner.
“Boosting all of those things boosts our cybersecurity posture and puts us in a much stronger state of readiness,” he said.