On July 29, 2025, Minnesota made a rare move: deploying the National Guard, not for a flood, wildfire, or civil unrest, but for a cyber emergency.
In the state capital, St. Paul, digital systems went dark after what officials later described as a deliberate and sophisticated cyberattack. Public Wi-Fi was disabled. Libraries closed.
City employees couldn’t access their systems. And yet, emergency services held steady. The state’s governor and city mayor stood in front of cameras, addressing a city paralyzed… by code. What happened, who was behind it, and how bad is the damage? Here’s what we know.
The First Signs of Trouble
Early on Friday, July 25, St. Paul’s internal security tools detected suspicious activity in city systems. At first, officials didn’t sound alarms, but by Monday, the situation had escalated.
Activity logs and user access patterns hinted at a deeper issue. What looked like an isolated event turned into something much larger and coordinated.
A Full Shutdown Begins
By Monday, July 28, city leaders initiated a full shutdown of their digital infrastructure. Wi-Fi in public buildings was turned off.
Payment systems went offline. Libraries and public resources halted operations. This was a defensive move to contain the threat. The decision disrupted life in a city of over 300,000, but officials said the alternative could be worse.
Emergency Declared
On Tuesday, July 29, St. Paul Mayor Melvin Carter declared a state of emergency. That same day, Minnesota Governor Tim Walz approved the deployment of the Minnesota National Guard.
This was not a common occurrence. In fact, it marked the first time Minnesota’s cyber protection team had been deployed within the state. The city’s own IT capacity had been overwhelmed.
Who Got Hit and How
The full extent of the damage is still being determined, but several key systems were affected. These included city employee databases, internal communication networks, library systems, and digital services used by residents.
Emergency systems, including 911, were not compromised. However, payroll and administrative tools had to revert to manual methods.
Who’s Investigating
The FBI quickly took the lead on the investigation. Two national cybersecurity firms were also brought in to assist with recovery and digital forensics.
As of now, no one has publicly claimed responsibility. The mayor described the attack as being carried out by a “sophisticated external actor.” Officials have not said whether ransomware was involved.
A National Guard First
The Minnesota National Guard’s cyber protection team had never before been activated for a domestic incident within the state.
Thirteen specialists were deployed to help with containment and recovery. According to Brigadier General Simon Schaefer, the Guard was called in because the attack had clearly exceeded what the city could manage on its own.
A Coordinated Digital Strike
Officials say this wasn’t a random hit. The timing, method, and scope suggest planning and coordination. The attack began subtly, lurking in the background, before forcing a total shutdown.
While the exact tools used in the breach haven’t been shared, the city is treating the event as a criminal act with national security implications.
What’s the Cost?
Cyberattacks on U.S. municipalities have been rising sharply. IBM’s 2024 report estimates an average breach cost of $4.9 million for public sector organizations.
In this case, the final costs may be several million. Beyond money, there’s time: recovery from ransomware-style attacks can take three to five months. St. Paul could face a long road back to normal.
What Was at Risk
So far, officials have stated that resident data appears mostly unaffected. However, city employee information may have been accessed.
Mayor Carter has asked all city workers to take steps to protect their digital identities at home and at work. The full scope of what was accessed, or stolen, is still under review.
Broader Impacts on Minnesota
The digital strike in St. Paul has triggered security reviews in neighboring cities. Officials across Minnesota are assessing vulnerabilities, updating protocols, and increasing training.
The concern isn’t just about fixing this breach. It’s about preventing future ones. Cities across the U.S. are watching this response closely.
St. Paul Isn’t Alone
Dozens of U.S. cities have faced similar cyber threats. In recent years, attacks have disrupted everything from school districts to police departments.
A growing number are tied to international criminal groups. The FBI’s involvement in the St. Paul case underscores the seriousness and potential reach of the incident.
A Growing National Trend
Ransomware attacks on public infrastructure jumped 126% in the first quarter of 2025. The U.S. government has warned that municipalities remain high-value, low-resistance targets.
Many rely on outdated systems and lack full-time cybersecurity teams. St. Paul’s experience highlights the growing risks for even mid-sized cities.
The Political Response
Governor Tim Walz and Mayor Melvin Carter have both stressed transparency and recovery. “We acted quickly to protect our city’s infrastructure,” Carter said, “but this event shows we need deeper statewide coordination on digital security.” Some lawmakers are already pushing for more funding for municipal cybersecurity across Minnesota.
What Comes Next
For now, St. Paul remains in recovery mode. Digital systems are being rebuilt, access is being restored, and forensic investigations are ongoing.
It may be weeks before normal operations return, and longer before the public knows exactly who was behind the attack. What’s clear: cities are becoming new battlegrounds, and the front lines are increasingly digital.
