Minnesota governor activates National Guard after cyberattack on state capital

The city of St. Paul, Minnesota, was forced to shut off government networks in response to a cyberattack Friday, prompting Gov. Tim Walz to activate the National Guard to assist in recovery efforts.

“We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” said Walz in a statement attached to an executive order addressing the incident.

“The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

St. Paul, the state’s capital, is home to more than 300,000 people — making it one of the largest U.S. cities to face a cyberattack in 2025. 

Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on its residents. 

He called the city government network shutdown a “defensive measure” designed to prevent the hackers from taking over more systems. 

The city published a statement on Tuesday afternoon saying it is actively responding to a digital security incident that is impacting access to some internal systems and online services. 

City officials said 911 is still operational and they provided other phone numbers for non-emergency issues. 

The city was forced to shut off Wi-Fi access in all city buildings including libraries and recreation centers. All online payment systems are unavailable but residents will not be penalized with late fees for utilities. Temporary email addresses were provided for storm damage reports.

In the executive order, Walz said the cyberattack began on Friday and targeted critical systems as well as digital services. 

“This cyberattack persisted through the weekend, causing significant disruptions and impairing St. Paul’s ability to provide vital services,” Walz explained. “St. Paul officials have been working around the clock since discovering the cyberattack, closely coordinating with Minnesota Information Technology Services and an external cybersecurity vendor. Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities.” 

City officials did not respond to requests for comment about whether they are dealing with a ransomware attack. Carter said he was not aware of any ransom demand when asked about it during the press conference. 

"This was not a system glitch or technical error. This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city’s information infrastructure," Carter said.

"They are necessary steps to limit exposure, preserve system integrity and protect sensitive information as investigation continues. This breach was intentionally caused by a criminal, external threat actor."

In November, sister city Minneapolis dealt with a ransomware attack on the organization that runs the city’s parks and a prominent native tribe in Minnesota warned residents of a cyber incident impacting local government services in April.