7 days ago
St. Paul officials say city systems will start coming online "within next week" after cyberattack
St. Paul city leaders say they eradicated the threat and are on the road to recovery after a cyberattack late last month prompted officials to shut down systems to minimize damage.
It's why residents still can't use Wi-Fi at public libraries or pay their water bills online. Some city phones connected through internet were also impacted, though 911 emergency services have remained operational.
In an interview with WCCO Sunday, Mayor Melvin Carter said the city will start restoring systems soon after 3,500 employees get their devices checked and passwords reset. That is happening over the next three days in what the city is calling "Operation Secure Saint Paul."
"This a grand kind of reset and finishing that process will be able to put us in a place where we can start within the next week bringing systems back online safely," Carter explained.
Carter said the individuals who launched the attack demanded a ransom, which the city did not pay. That detail had not previously been disclosed since the mayor's office first alerted the public of the attack at the end of last month.
IT staff first were alerted to "suspicious activity" on July 25 and soon after, moved systems offline. In the more than two weeks since that happened, the city declared a state of emergency that remains ongoing and Gov. Tim Walz deployed the National Guard's cyber team to help.
Had technology officials not taken the actions they did, the situation could have been much worse, the mayor added.
"The sort of days where we should expect to build a wall that nobody can ever get through — we're beyond that. The question now is, how do you create systems that can flag and alert you to illicit activity right away? Our system did that," he said.
There is still an active investigation into what happened but he and Jaime Wascalus, the chief information officer, expressed confidence that hackers did not remove any data during the breach, including personal information of city employees.
"This is a big undertaking. There are a lot of logs to look through, but it has been just exhilarating every single day to hear from my team, 'we have no evidence'," Wascalus told WCCO. "We're already two weeks into here, and usually you would see that evidence of data being removed. So we feel really good about the position that we're in. But again, we want to be cautious because we haven't completed that forensic investigation."
The city has not shared the total cost of fending off the cyber attackers and Carter suggested additional security measures — which would require more funding — will be a discussion at City Hall in the next few years.
The average cost of a data breach is $4.4 million, according to an IBM report.
Wascalus said while the city is shifting to the recovery phase of its operation, not everything will be back to normal right away.
"We are going to start with public safety, with payroll, those critical systems that keep us moving forward," she said. "It will take a few weeks to get everything online. And that means we're doing it right. We're doing it slowly, safely and securely."
