Ransomware Group Interlock Claims Massive Data Theft from City of St. Paul

The infamous Interlock ransomware group said it breached the internal network of the city of St. Paul, Minnesota and stole more than 43 GB of confidential data.

 

Recently, officials of the city of St. Paul said that on July 25, it experienced a data security attack that targeted critical systems and digital services. City Officials immediately took the affected systems offline, and launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

As a result of the incident, the City’s daily operations, including online payments for garbage and water services, were disrupted, and the personal data of 3,500 city government employees was put at risk.

 

“St. Paul officials have been working around the clock since discovering the cyberattack, closely coordinating with Minnesota Information Technology Services and an external cybersecurity vendor. Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities. As a result, St. Paul has requested cyber protection support from the Minnesota National Guard to help address this incident and make sure that vital municipal services continue without interruption,” reads a data security incident notice.

 

 

The Interlock ransomware group claimed responsibility for the cyber attack on the City of St. Paul and listed it as a victim on its data leak site. The group claimed to be in possession of 43GB of confidential data stolen from the City and threatened to leak it unless their ransom demand was met.

 

To prove the authenticity of its claim, Interlock shared sample documents stolen from St. Paul’s private servers.

 

Acknowledging the claims of the hacker group, in a statement shared with the media, City Mayor Melvin Carter said, “We’ve been contacted by the threat actor with a specific demand for a specific ransom amount. To be clear, we have not paid that and their threat was that they would release some data.

 

“We’ve maintained access to all of our data the entire time and control of all of our systems the entire time. We are doing what I lovingly refer to as a grand control-alt-delete of all of our city systems. That’s our city servers; that’s all of our devices, putting upgraded cybersecurity software on them,” Mayor Carter added.