Ransomware

The city is gradually restoring online services after a ransomware attack in July interrupted them. Phone service, online water bill payments, and Parks and Recreation payment systems are among those restored.

The local government, which sustained a ransomware attack June 18, is informing people whose information may have been impacted, via a website. A review of the impacted data is continuing.

CISA put out a warning about the ransomware variant "Interlock" days before it attacked St. Paul, Minn. City leaders explained how they interacted with the criminals, sparking the decision not to pay.

Officials have paid no ransom, instead shuttering their network to isolate the attack detected July 25. The city has been working with the FBI and Minnesota National Guard to secure systems and find the attack’s source.

County commissioners announced the recent incident, which prompted the local government to shutter its network, has been resolved, in part by making a payment. Officials continue to securely restore systems.

The local government is working with state and federal agencies as it recovers from the data breach discovered in April. Officials have mailed notification letters to residents and will work to become more cyber resilient.

The cybersecurity incident detected Wednesday prompted officials to shutter most county systems. The attack hit the local government’s network. Fire and emergency 911 resources were able to continue to operate.

A cyber attack that struck the county April 28 impacted several systems around real estate, deeds, tax processing and land transactions. Several of these remain offline more than a month afterward.

Officials, who recently increased their cyber insurance coverage, have refused to pay a ransom. They are working to fully replace all network infrastructure, including desktops, laptops, servers and storage.

The March incident, which compromised information belonging to at least 10 people, was a ransom attack, the county said in a statement. The local government declined attackers’ demand and took systems offline.

Courtrooms have stayed open and judicial proceedings have gone forward following the attack detected early Monday. But systems across the sheriff’s and circuit clerk’s offices and at the courthouse were forced offline.

The ransomware incident has forced county officials to take offline systems belonging to the sheriff’s office, the circuit clerk’s office and the courthouse. The incident came to light around 2:30 a.m. Monday.

A ransomware attack in February compromised private information of employees and students at Baltimore City Public Schools, and the city’s state’s attorney’s office was targeted in March.

After a nearly five-month investigation, officials determined that compromised sensitive information included names, addresses, Social Security numbers, financial account information, passport numbers and more.

Ransomware attacks hit another record in 2024, and attacks in 2025 are not slowing down. So what’s new and what can we learn about ransomware as we move forward?  

The court’s online civil and criminal dockets repeated failed Monday and authorities had announced the previous evening it would be closed that day. The closure extended into Tuesday as officials probed its cause.

Bad actors known collectively by that name are staging attacks on targets in more than 70 countries, the Cybersecurity and Infrastructure Security Agency, and the FBI said. The latter advises regular system backups.

Officials were able to take down a server, make repairs and restore service after an attempt to extort money through an attack on the police department’s system. For now, the department is filing paper police reports.