On July 29, 2025, Minnesota’s capital city of St. Paul was thrust into a crisis unlike any in its history. What began late Friday evening as an unusual network disruption quickly became a sweeping, deliberate cyberattack targeting the systems that keep the city running.
Officials described it as a coordinated digital assault on core infrastructure — an attack rippled through internal networks, public Wi-Fi, online portals, and municipal email. By Saturday morning, technical staff were scrambling to contain a threat that seemed to spread faster than they could isolate it. By Monday, the city took the extraordinary step of shutting down internet access across municipal operations, which city leaders said was necessary to stop the digital hemorrhaging.
A City Under Emergency Orders
Mayor Carter declared a local emergency within hours of the scope becoming clear. Speaking live to reporters, he emphasized that St. Paul would “activate every available resource to defend our city and restore services.” That declaration was more than symbolic — it unlocked emergency procurement powers, allowing city departments to bypass lengthy contract processes and request immediate aid from state and federal agencies.
By Tuesday, the City Council had voted unanimously to extend the emergency order for 90 days, a move they said would keep funding and technical support flowing during what was already being called the most serious cyber incident in the city’s history.
The urgency was not misplaced. Public officials privately acknowledged that even with all systems offline, no guarantee that hidden malware or backdoor access points hadn’t been planted in the city’s infrastructure.
National Guard Cyber Unit Called In
Minnesota Governor Tim Walz acted swiftly, ordering the state’s specialized National Guard cyber protection team into action. These are not ordinary soldiers — the unit comprises some of the state’s top digital security specialists, trained in network forensics, malware analysis, and rapid system recovery.
“We are deploying our state’s best digital security experts to assist St. Paul in protecting critical infrastructure and restoring normalcy,” Walz said in remarks published by Reuters. It’s a rare move; the Guard’s cyber teams have been deployed only a handful of times to respond to a municipal-level technology emergency.
Working alongside city IT staff and federal investigators, they brought advanced tools for tracing digital intrusions, isolating compromised systems, and rebuilding clean networks.
How the Attack Unfolded
City logs suggest the breach began late Friday, July 25. Automated alerts signaled unusual activity across several internal systems. Over the weekend, IT staff raced to map the intrusion, discovering that the attackers had exploited vulnerabilities in multiple network segments simultaneously.
By Monday, the threat had escalated to the point where officials made the drastic call to take everything offline. That decision effectively froze city operations — affecting employees, residents, and local businesses — but cybersecurity experts later said it likely prevented the attackers from moving deeper into critical databases.
In a public statement, officials credited “an unprecedented degree of coordination and urgency” among local, state, and federal responders with preventing a full-scale catastrophe.
Essential Services Strained
The attack’s impact was immediate. St. Paul’s public Wi-Fi went dark, online payment platforms and permit application portals were inaccessible, municipal email accounts were disabled, and libraries, community centers, and public offices were left without internet access.
Emergency services such as 911 remained operational — the city had safeguarded those systems on isolated networks — but officials admitted that backend processes like report filing, record checks, and routine administrative functions were significantly slowed. “No late fees will be charged, and alternative communications are in place,” the city assured residents in an early update.
Containing the Damage
Two national cybersecurity consulting firms were brought in within 24 hours of the shutdown. They worked alongside the city’s technology team from an emergency operations center, holding daily briefings with the mayor’s office and public safety officials.
“We aimed to balance public safety with continued essential operations,” city spokesperson Jaime Wascalus said. Temporary email solutions were spun up for staff. New hotlines were created for residents to report urgent needs, storm-related damages, and routine service issues.
A Network of Allies
The response quickly grew to include the FBI, state IT experts, county partners, and private sector cybersecurity specialists. Federal agents focused on tracing the source of the attack, while National Guard and local teams concentrated on containment and recovery.
Ramsey County, where St. Paul is located, temporarily cut some network links as a precaution, even though its systems remained unaffected. Neighboring cities heightened monitoring and offered technical assistance, underscoring that no municipality is immune in today’s cyber threat environment.
Public Messaging
Mayor Carter was unequivocal: “This was not a glitch or a technical error. This was a deliberate, coordinated, digital attack… intentionally and criminally targeting our city’s information infrastructure.”
Governor Walz echoed that urgency, vowing Minnesota would “deploy every asset at our disposal to restore cybersecurity as quickly as possible.”
What Investigators Are Finding
The FBI’s cyber forensics teams began combing through digital logs almost immediately. Though officials have withheld specifics to protect the investigation, early indications point to sophisticated intrusion techniques.
National trends suggest ransomware as a possible motive, but St. Paul leaders have refused to confirm whether ransom demands were made. “This is still an active investigation,” officials stressed, warning that releasing details could hinder their ability to track the attackers.
Impact on Residents
The effects were tangible for residents. Online bill payment portals were shut down. Building permits and business licenses slowed to a crawl. Public records requests were put on hold.
City officials also warned of a secondary wave of scams — fraudulent invoices, phishing emails, and spoofed communications designed to exploit the disruption. They set up verified contact points and urged residents to double-check any payment requests during the outage.
Keeping Emergency Services Intact
Even as administrative systems faltered, core public safety services were insulated from the breach. Emergency calls were answered, and police and fire departments continued to respond typically.
Still, leaders admitted that the lack of digital support slowed certain functions. “Protecting life safety systems is the top priority, even under digital duress,” one city official said.
Protecting Workers and Data
Throughout the crisis, city leaders connected with municipal labor unions to ensure payroll, health benefits, and network access issues were addressed. “We have seen no evidence that employee data has been compromised, but we are staying vigilant,” Wascalus said.
The city also launched an updated public FAQ page with daily briefings covering employment, safety, and alternative work arrangements.
No Evidence of Data Theft — Yet
As of the first week in August, there was still “no indication that sensitive employee or resident data has been stolen,” according to Mayor Carter and the city’s technology division. The real damage was in downtime, delayed services, and public uncertainty.
However, investigators cautioned that digital intrusions sometimes reveal stolen data months after the initial breach, urging residents and businesses to remain alert.
A National Problem
St. Paul’s ordeal comes amid a nationwide surge in cyberattacks on local governments. Experts say these incidents have more than doubled in the past two years, driven by increasingly sophisticated ransomware operations. Many cities operate on aging IT systems, with limited cybersecurity budgets and heavy dependence on digital services — a perfect storm for attackers seeking to cause maximum disruption.
The stakes are high: from water treatment facilities to emergency dispatch systems, municipalities now hold vast amounts of sensitive data and operate critical services that a single breach can paralyze.
Gradual Recovery
Some public services had been partially restored by the first week of August. Library Wi-Fi returned in limited capacity. Specific payment portals were reactivated. Utility services began catching up on delayed processing.
Officials outlined a phased reopening plan prioritizing internal systems first, followed by high-demand public platforms. Grace periods and fee waivers were announced for those who missed deadlines during the outage.
Learning from the Crisis
Cybersecurity consultant Leah Brandt said the attack underscored a lesson long warned about but often ignored: “Routine vulnerability assessments and a structured incident response plan are now municipal necessities.”
City leaders have already announced upgrades, including simulated attack drills, stronger partnerships with federal agencies, and expanded training for city employees to recognize phishing and other cyber threats. They’ve also committed to sharing a full after-action report with other municipalities to strengthen regional defense.
Governing Under Emergency Powers
The extended state of emergency has allowed the council to fast-track cybersecurity purchases, hire specialized contractors, and accelerate infrastructure upgrades. Council Member Nelsie Yang defended the move, saying, “This legal framework lets us act decisively without bureaucratic delays when our residents’ welfare is on the line.”
Weekly updates and public Q&A sessions have been promised until the crisis is resolved.
Looking Ahead
City technology chief Jaime Wascalus pledged a transparent review process and open communication channels for residents and businesses still grappling with the fallout. “We will fully inform the public and other cities of lessons learned,” she said.
A Turning Point for City Cybersecurity
In hindsight, the St. Paul cyberattack will likely be remembered as a turning point in municipal leaders’ treatment of cybersecurity as critical public safety infrastructure.
A GovTech analyst said, “Modern municipalities must invest in cyber resilience and strategic partnerships, or risk being the next target.” St. Paul’s response, combining local determination with state and federal expertise, may become a case study for managing and surviving a city-scale digital assault in the 21st century.
