The Interlock ransomware group has allegedly targeted the government of the City of St. Paul, Minnesota 🇺🇸. The threat actors added the city to their data leak site, claiming responsibility for a significant data breach. Saint Paul is the capital of Minnesota and a major metropolitan hub with a population of over 310,000 residents. The ransomware group claims that carelessness on the part of the city’s government led to the compromise, resulting in infrastructure damage and the exposure of sensitive resident data.
According to the post, the threat actors have exfiltrated approximately 43 GB of data, comprising over 66,400 files. An analysis of the allegedly leaked file structure suggests that a wide range of sensitive municipal and employee information has been compromised. The exposure of such data could have serious consequences for both city employees and residents, potentially leading to identity theft and fraud.
The compromised data allegedly includes a variety of internal documents. Based on the file names, the leaked information appears to contain:
- Work Plans and Restructuring Documents
- Employee Job Descriptions and Title Studies
- Pay Statements and Financial Information
- Letters of Recommendation
- Internal Schedules
- Evaluation and Test Group Information
