Governor Tim Walz activated the Minnesota National Guard‘s cyber forces on July 29, 2025, following a sophisticated cyberattack that crippled St. Paul’s municipal computer systems and prompted the city to declare a state of emergency. The deployment came after city officials detected suspicious activity on internal networks Friday, July 25, and afterwards shut down all information systems and internet access Monday, July 28, to contain the threat.
The cyberattack, attributed to a sophisticated external actor deliberately targeting city infrastructure, rendered most city services unavailable, including online bill payment and public Wi-Fi in libraries. Emergency services, including 911, remained operational throughout the incident.
The magnitude and complexity of the attack exceeded the city’s response capacity, prompting officials to request state assistance. The National Guard’s cyber units were tasked with cyber protection support, system recovery, and service continuity to restore critical services and secure public safety and security.
The deployment represents a collaborative effort involving city, state, and federal officials, along with two national cybersecurity firms brought in to assist with investigation and system recovery. Mayor Melvin Carter characterized St. Paul as “the victim of a serious crime,” describing the incident as a deliberate, coordinated attack on information infrastructure.
Governor Walz highlighted the Guard’s mission to “restore cybersecurity as quickly as possible” during his commitment to public safety. Officials stressed that the system shutdown was necessary to protect sensitive data and maintain system integrity during recovery efforts. The FBI has initiated an investigation to determine the attackers’ identity and motives.
The attack reflects broader trends in municipal cybersecurity threats. According to cybersecurity firm Sophos, 34% of state and local governments were hit by ransomware in 2024. City governments remain prime targets for ransomware gangs seeking to extort money through data breaches, with recent major attacks affecting Columbus, Ohio, and Minneapolis Public Schools. Local cybersecurity experts indicate the attack may have ransom motivations behind the incident.
Cybersecurity analysts note that no municipality is considered off-limits for sophisticated cyberattacks. City officials activated their Emergency Operations Center and increased coordination among departments during the promise of continued communication updates as the investigation and recovery proceed.
The disruptions caused significant inconveniences for residents and city employees, potentially exposing sensitive personal data while crippling municipal operations.
