St. Paul, Minn., Extends Emergency in Cyber Attack for 90 Days

(TNS) — Three days after St. Paul Mayor Melvin Carter announced a local state of emergency, the St. Paul City Council voted Friday to extend it for 90 days, granting the mayor added time to oversee a coordinated response to a sophisticated cyberattack that has required assistance from the FBI and the Minnesota National Guard’s cybersecurity experts.

The security breach of the city’s Internet-based information systems was first detected Friday, and by Monday, it became apparent that the breach could not be contained by the city’s Office of Technology and Communications alone. City officials have not indicated if they know who is behind the attack or if there has been a ransom demand.

Carter has said he was unaware of any personnel data that had been obtained in the incident, but he has acknowledged the city is not leading the criminal investigation, which has pulled in the FBI and the Minnesota National Guard’s cyber security unit.

Carter declared a local state of emergency on Tuesday, allowing him to hire national cybersecurity firms and coordinate other efforts across city departments without first seeking budget clearance from the city council or multiple bids from vendors.

“By extending the emergency declaration, we’re ensuring that the city can continue to access the external support and coordination necessary to respond effectively,” said City Council President Rebecca Noecker, in a written statement. “Today’s action by the council reflects both the seriousness of this incident and our responsibility to protect the continuity of essential services for St. Paul residents.”

UNPLUGGING

In an effort to contain the security breach and keep hackers or “threat actors” away from personnel data and other systems, the city took the precautionary step on Tuesday of effectively unplugging itself from the Internet. That’s meant that key services have been inaccessible, from online water bill payments to squad-based police laptops for looking up criminal warrants. Emergency services such as 911 remain available.

The city has been moving services back online as able, once it’s determined they’re not compromised or infected. Cloud-based software has been among the first to be restored following what the mayor’s office has described as a “forensic investigation” involving multiple cybersecurity vendors, the FBI and the Minnesota National Guard.

Even some city phone services are Internet-based and have required proofing. Customer service lines for the St. Paul Public Library system, Parks and Recreation, the Como Park Zoo and Conservatory, the Department of Safety and Inspections, St. Paul Regional Water Services and the mayor’s office are all back in service, with the remainder expected to come back online in the coming days, the mayor’s office announced Thursday evening.

RANSOMWARE ATTACKS

Between 2018 and the end of 2024, 525 individual ransomware attacks were carried out against municipalities and other public government organizations in the U.S., costing an estimated $1.09 billion in downtime, according to researchers with Comparitech.com.

Ransomware attacks on public agencies in the U.S. have doubled from 41 in 2022 to 88 in 2024, generally with the goal of forcing agencies to pay a financial ransom.

Carter this week said he was unaware of St. Paul receiving any financial demand.

Meanwhile, the Ramsey County Board of Commissioners will vote Tuesday on whether to approve its own state of local emergency, a technical maneuver that would allow the city or county to apply to the state down the line for reimbursement of certain funds used to contain the security breach. County officials have said there’s been no indication that the county’s information systems have been compromised, even though the county shares some departments and services with the city.

The latest updates on city services are available at stpaul.gov.

©2025 MediaNews Group, Inc, Distributed by Tribune Content Agency, LLC.