The Cyber Siege: How Ransomware is Crippling America's Cities and Towns

The summer of 2025 has proven to be one of the most devastating periods for municipal cybersecurity in U.S. history, with major cities and state governments falling victim to increasingly sophisticated ransomware attacks that have disrupted essential services for millions of Americans.

Smart City Cybersecurity Assessment | CyberSafe.City

Comprehensive security assessment for smart city technologies. Evaluate risks, get recommendations, and protect your urban infrastructure.

CyberSafe.City

From Nevada's unprecedented statewide shutdown to Minnesota's National Guard deployment, the scale and impact of these attacks reveal a troubling vulnerability in America's digital infrastructure. As we examine the recent wave of cyberattacks, one thing becomes clear: our cities and towns have become the new battleground in an escalating cyber war.

Summer 2025: A Perfect Storm of Cyber Chaos

Nevada's Historic Statewide Paralysis

The attack, first detected Sunday, August 24, 2025, has forced the shutdown of DMV branches, state agency websites, and phone lines, leaving Nevadans unable to access many essential services. What makes Nevada's situation particularly alarming is its scope – this would appear to be the first of its type done against a state, according to cybersecurity experts.

The ransomware attack effectively crippled an entire state government for days, forcing Nevada's state offices to close for two days this week and rendered some state websites and phone lines unavailable. By Wednesday, officials confirmed the worst fears: data was moved outside of Nevada's state networks by "malicious actors" during a "sophisticated, ransomware-based" cyberattack.

The human cost was immediate and tangible. DMV offices remained closed, leaving residents unable to conduct essential business. The outage also prevented law enforcement from accessing state DMV records. For a good part of Sunday, the dispatch phone lines for Nevada State Police were down.

St. Paul: When Cities Call in the Military

Just weeks before Nevada's crisis, St. Paul Mayor Melvin Carter says the city suffered a digital security breach by a targeted attacker starting last Friday in late July. The attack was so severe that Minnesota Governor Tim Walz issued an executive order to activate the National Guard Tuesday after the city of St. Paul became the target of a cyberattack.

The deployment marked a historic first – the Minnesota National Guard's cyber protection unit had never been activated for a municipal cyberattack. The governor's office said "the magnitude and complexity of the cybersecurity incident have exceeded the city's response capacity."

The Interlock ransomware gang was ultimately identified as the perpetrator, claiming that they had stolen over 66,000 files or 43 GB worth of data, some of which has now been published on the group's leak site. The attack disrupted city services for weeks, with some systems still recovering months later.

Texas Under Siege: Greenville's Silent Struggle

While Nevada and St. Paul grabbed headlines, the city's servers were attacked by a ransomware group on Aug. 5, affecting police records and essential city services. Unlike other attacks, Greenville's response was notably understated, with the city has not publicly confirmed a cybersecurity incident through its official website or social media channels.

The attack's impact was widespread: Greenville Electric Utility System (GEUS), the city's utilities provider, was impacted and currently cannot accept online payments and access to billing information. The city was forced to file a catastrophe notice with the Texas Attorney General, unable to respond to public information requests.

The Broader Pattern: A Nation Under Digital Assault

Staggering Statistics Tell the Story

The numbers paint a sobering picture of municipal vulnerability. Between 2018 and 2024, there were 525 individual ransomware attacks carried out against municipalities and other government organizations in the U.S. The financial toll is staggering: over the past three years, 246 ransomware attacks have struck U.S. government organizations at an estimated cost of $52.88 billion.

Recent data shows mixed trends. While 34% of state and local government organizations were hit by ransomware in 2024, a 51% reduction in the attack rate reported in 2023 (69%), the attacks that do succeed are more devastating. The mean cost in state and local government organizations to recover from a ransomware attack was $2.83M in 2024, more than double the $1.21M reported in 2023.

Geographic Vulnerabilities: The Most Targeted States

Analysis of cyber incidents reveals which states are most at risk:

California: Experienced the highest total financial losses from cybercrime in 2024, at more than $2.5 billion. Its high concentration of technology and critical infrastructure makes it a prime target.

Texas: Ranked second for financial losses in 2024, with more than $1.3 billion reported. In addition to recent municipal attacks, Texas's large energy sector has been targeted by foreign state-sponsored groups.

Florida: Ranked third for financial losses in 2024, with over $1 billion. It is frequently targeted due to its large number of residents and economic activity.

Colorado: Had the highest cyberattack risk score in the U.S. in 2024, with significant attacks on healthcare and education sectors.

Educational Institutions Under Siege

The assault on America's educational infrastructure has been particularly devastating:

2022:

• Los Angeles Unified School District (2022): A ransomware attack compromised data of 100,000 individuals, including sensitive information about students and staff.
• Fort Lauderdale, Florida (2022): A phishing scam led to fraudulent payments, costing the city officials significant financial losses.

2021:

• Broward County Public Schools, Florida (2021): The Conti ransomware group involved a ransom demand and exposed student and teacher records, affecting one of the country's largest school districts.

The Texas Precedent: Mass Coordination

One of the most concerning developments in municipal cyberattacks was the coordinated assault on Texas municipalities in August 2019. This attack targeted 22 local governments simultaneously, disrupting services across multiple jurisdictions. This early example of coordinated attacks foreshadowed the more sophisticated campaigns we're seeing today.

The Recent Cascade: A Timeline of Municipal Mayhem

2024-2025: The Year Cities Fell

The pace of attacks has been relentless:

August 2025:

• Nevada statewide ransomware attack
• Greenville, Texas municipal systems compromised

July 2025:

• St. Paul, Minnesota (National Guard activated)

December 2024:

• Rhode Island (December 2024): A cyberattack caused a major outage for the state's public benefits system, compromising the personal information of over 650,000 residents.

August 2024:

• Seattle, Washington (August 2024): A ransomware attack on the Port of Seattle disrupted the airport over the Labor Day holiday weekend.

July 2024:

• Columbus, Ohio (July 2024): The Rhysida ransomware group demanded $1.9 million after breaching city systems. When Columbus refused, the hackers leaked the personal data of approximately 500,000 residents.

May 2024:

• Macon-Bibb County, Georgia (May 2024): A ransomware attack forced the network offline.

Spring 2024:

• Kansas City, Missouri (Spring 2024): The city and its transit authority were hit by separate cyberattacks.
• Jackson County, Missouri (2024): A ransomware attack shut down county offices, impacting payments and property record searches.

When Your City Goes Dark: Protecting Your Smart Home from Municipal Cyber Collapse

Your smart home is only as secure as the city that surrounds it. As municipal cyberattacks surge across America, homeowners are discovering that their connected houses, automated security systems, and digital lifestyles are vulnerable to threats they never considered – attacks on the very cities they call home. The summer of

Secure IoT HouseSecure IoT House

2023:

• Dallas, Texas (May 2023): The Royal ransomware group encrypted servers, potentially exposing data of 26,000 residents and requiring significant recovery costs.

Additional Notable Attacks:

• Tarrant County, Texas (2024): Attackers demanded $700,000 and disrupted the Appraisal District's operations.
• Fulton County, Georgia (January 2024): A LockBit ransomware attack resulted in closure of county offices, disrupting various services and leading to data leakage after the ransom was not paid.

Why Cities Have Become Prime Targets

The Perfect Storm of Vulnerability

More than 70 percent all reported ransomware attacks in the U.S. target state and local governments. Several factors have created this vulnerability:

Resource Constraints: "In a lot of the cities, unfortunately, there's a one- or two-person IT shop that's handling the entire county or small city," according to cybersecurity experts.

Systemic Weaknesses: Cyber attacks on U.S. states and towns are a rising threat, with ransomware, phishing, and attacks on critical infrastructure posing a serious risk to essential services and citizen data. Municipalities are often targeted due to underfunded IT, outdated systems, and lack of staff training.

Outdated Infrastructure: Many municipal systems run on legacy technology that lacks modern security features. Many of the underlying technologies running their critical infrastructure are outdated. City authorities often lack the skills to upgrade their systems.

High-Value Targets: Cities hold vast amounts of sensitive citizen data and control critical infrastructure, making them attractive to cybercriminals seeking both financial gain and maximum disruption.

Payment Patterns: Local governments in particular have been one of the most targeted and often one of the most frequent to actually pay ransoms, though this trend appears to be changing.

The Human Cost of Digital Disruption

The impact extends far beyond statistics. In Nevada, residents couldn't renew driver's licenses or access state benefits. In St. Paul, citizens couldn't pay water bills or access library services. When government services are forced offline, the consequences can include halted economic activity, delayed emergency responses, and compromised citizen safety.

The Federal Response: Too Little, Too Late?

Shrinking Support in Critical Times

Ironically, as municipal cyberattacks surge, federal support is dwindling. In March, the federal government announced it would cut $8.3 million associated with MS-ISAC — more than half of its remaining 2025 budget, a key cybersecurity resource for local governments.

MS-ISAC detected and prevented more than 59,000 malware and ransomware attacks on local governments in 2024, making the funding cuts particularly concerning. The Center for Internet Security has been forced to temporarily fund these critical services at over $1 million per month.

The CISA Effect

Despite budget cuts, the Cybersecurity and Infrastructure Security Agency (CISA) continues to play a crucial role. More municipalities are also getting more help from CISA, which may be having an improvement as well in reducing some attack success rates.

The Evolution of Municipal Cyber Threats

Summer 2025: A New Wave of Sophistication

Multiple Microsoft SharePoint vulnerabilities were exploited this summer in a widespread cyber espionage campaign known as ToolShell. The campaign targeted organizations across the US, Europe, and the Middle East, including government agencies.

The attackers have evolved their methods: This summer, ransomware groups targeted healthcare, exploiting both the value of patient data and the urgency of care. A July 22, 2025, joint advisory by CISA, FBI, and HHS highlighted Interlock as a major threat.

Ransomware-as-a-Service: Democratizing Destruction

The rise of Ransomware-as-a-Service (RaaS) platforms has lowered the barrier to entry for cybercriminals. Groups like LockBit, which accounted for $91 million worth of ransomware payments in 2025, operate sophisticated affiliate networks that make attacks more frequent and harder to trace.

Fighting Back: Success Stories and Solutions

Signs of Progress

Not all news is dire. The reduction in attack rates on some municipalities suggests that investments in cybersecurity are paying off. Sophos's The State of Ransomware 2024 report found that just 34 percent of state and local governments reported a ransomware attack the previous year. That's not only the lowest rate among the 15 industries surveyed, it also represents a steep decline from the previous year.

When Cities Fall: How Municipal Cyberattacks Threaten Your Smart Office

As smart offices become increasingly integrated with urban infrastructure, the wave of municipal cyberattacks sweeping across America poses an unprecedented threat to business continuity. When your city’s digital backbone crumbles, your smart office feels every tremor. The summer of 2025 has delivered a harsh wake-up call to the smart office

Secure IoT OfficeSecure IoT Office

The Nevada Model: Rapid Response

Nevada's response, while unprecedented in scale, demonstrated the importance of immediate action. Officials quickly isolated systems, engaged federal partners, and maintained transparency with the public about the ongoing threat.

Minnesota's Military Solution

The deployment of the National Guard's cyber unit in St. Paul established a new model for state-level response to municipal cyber crises. Lt. Col. Brian Morgan shared some insight into how the agency is helping: "We're looking at how, whatever a threat actor gained access, what was their initial vector to access the network. How'd that happen? Where did they go? What have they done?"

Looking Forward: Preparing for the Next Wave

The 2025 Landscape

According to analysis from Cyble, U.S. ransomware attacks increased by 149% year over year in the first five weeks of 2025, with 378 reported incidents compared to 152 in 2024. This suggests the threat landscape is intensifying, not improving.

Critical Investment Areas

Infrastructure Modernization: Cities must prioritize updating legacy systems that lack basic security features.

Staff Training and Retention: City executives have to assume a leadership role in ensuring the digital safety and security of their constituents, and not merely delegate this role to an underling.

Backup and Recovery: 78% of state and local government organizations restored encrypted data using backups, highlighting the critical importance of robust backup systems.

Inter-governmental Cooperation: The success of federal-state-local partnerships in Nevada and Minnesota demonstrates the value of coordinated response efforts.

The Stakes Could Not Be Higher

As we move deeper into 2025, the pattern is clear: America's cities and towns are under digital siege. From Nevada's statewide shutdown to St. Paul's military response, these attacks represent more than isolated incidents – they're harbingers of a new era where cybersecurity failures can paralyze entire communities.

The cost of inaction is measured not just in millions of dollars, but in the daily lives disrupted, the services interrupted, and the public trust eroded. Every DMV closure, every water bill payment system offline, every police database inaccessible represents a fundamental failure to protect the digital infrastructure that modern society depends upon.

The municipalities that will survive and thrive in this new threat landscape are those that recognize cybersecurity not as an IT problem, but as a fundamental requirement for effective governance in the 21st century. The time for half-measures and deferred investments has passed. The cyber siege is here, and our cities must be ready to defend themselves.

As this crisis continues to unfold, one thing is certain: the next attack is not a matter of if, but when. The question is whether America's cities will be ready.