Interlock Ransomware Leaks 43 GB of St. Paul Data as City Refuses to Pay Ransom

Saint Paul, August 13, 2025 – The ransomware group Interlock has publicly released 43 GB of data allegedly stolen from the City of St. Paul following a cyberattack in late July. In response, city leadership declared that no ransom will be paid, triggering a citywide Operation Secure St. Paul to restore systems and lock down infrastructure.

When a cyberattack occurs, the attackers retaliate.
Officers had to shut down vital systems after the cyberattack started on July 25, 2025, which caused online payment portals, city Wi-Fi, and other municipal services to stop functioning.The Minnesota National Guard was deployed, and the FBI was involved shortly after the state of emergency was declared.

The group released the data online along with a harsh statement accusing city officials of being “extremely careless and irresponsible” in their security posture after the city rejected Interlock’s demand for ransom.

Details of the Leak and the Official Reaction
The Parks and Recreation Department’s shared network drive is the source of the leaked data, which consists of a patchwork of files including internal documents, employee records, ID scanner images, and even recipes. Crucially, the city attested that there was no compromise of the financial systems or essential citizen data.

Residents were reassured by Mayor Melvin Carter that the city maintains control over its systems and that public services, particularly emergency services, will continue to function.

Reconstruction and Containment Activities
Over 90% of devices now have improved cybersecurity software, and about 3,500 city employees are getting their passwords reset in person as part of Operation Secure St. Paul. The FBI and Minnesota National Guard are actively helping to restore systems.

Citing earlier CISA advisories that warned of Interlock’s tactics, officials are emphasizing longer-term preventive measures, such as system segmentation and DNS-level protections.

The Significance of It
Risk to public trust: Employees and possibly residents are at increased risk of identity theft and targeted phishing as a result of the leak, which also reveals internal government operations.

Test of civic resilience: The city’s refusal to pay the ransom, along with coordinated federal and state assistance, highlights a more robust response to ransomware.

The key is prevention: The fact that Interlock targets municipal systems indicates that cyber threats should be viewed as critical rather than incidental by urban infrastructure.