Key Points
– Ransomware attacks on small and mid-sized businesses nearly doubled in early 2025 compared to the same period last year.
– Cities are now increasingly under attack. St. Paul, Minnesota, was hit by a major cyber incident that required help from the state National Guard.
– Hacker group Interlock claimed responsibility for leaking 43 GB of city data after officials refused to pay the ransom.
– Experts say underfunded infrastructure, lack of cyber talent, and aging systems are leaving both SMBs and municipalities exposed.
– Security leaders are urging immediate action, including better incident response planning, threat-sharing partnerships, and stronger identity protection.
A New Chapter in Ransomware: No Target Is Too Small
Ransomware has evolved. Once a tool used primarily to extort large corporations, it’s now spreading rapidly across smaller businesses and local governments. According to a recent report by Guardz, ransomware attacks on SMBs have nearly doubled in the first half of 2025 compared to the same period in 2024.
These smaller organizations are attractive targets because many lack the defenses and resources of large enterprises. And thanks to the growing popularity of Ransomware-as-a-Service tools on the dark web, threat actors don’t need to be highly skilled to launch an attack. The barrier to entry is getting lower while the consequences for victims are becoming more severe.
St. Paul’s Cyberattack: A Case Study in Municipal Vulnerability
On July 25, the city of St. Paul, Minnesota, was hit with a highly coordinated cyberattack that disrupted multiple public services. City Wi-Fi, email, library systems, and other internal tools went offline. In response, the city brought in outside security experts and the FBI, while the state activated its National Guard cyber protection team.
The hacker group known as Interlock claimed responsibility and posted 43 GB of city data online. The city confirmed the data breach but made a notable decision: it refused to pay the ransom.
Instead, St. Paul restored its systems from an uncompromised backup that had been saved just before the attack. The city prioritized restoration of emergency services, financial systems, and public access platforms. By late August, more than 90 percent of affected systems were back online with updated cybersecurity protocols in place.
This wasn’t an isolated case. Around the same time, the Aspen Institute Policy Academy experienced its own cyber incident after a phishing attack compromised a single business email account. It served as another reminder of how easily cybercriminals can slip through the cracks, even in respected organizations.
Why Cities and SMBs Are Under Fire
There are a few clear reasons why both small businesses and local governments are being targeted more frequently:
– Limited cybersecurity budgets
Many SMBs and municipalities operate with outdated infrastructure and limited funding for security tools and personnel.
– Shortage of qualified talent
Hiring skilled cybersecurity professionals is difficult and expensive, especially for public-sector agencies that can’t match private-sector salaries.
– Outdated systems
Legacy software and hardware make organizations easier to breach and harder to defend.
– Valuable data
Cities and businesses store sensitive information like financial records, personal data, and internal communications that attackers can exploit or sell.
– Weak identity protection
A striking 80 percent of these attacks now involve credential theft, suggesting many organizations are failing to secure basic access controls.
According to cybersecurity sources, attackers increasingly see these organizations as “low-hanging fruit”: easy to penetrate, slow to respond, and likely to pay.
What Security Experts Recommend Now
The recent wave of attacks has pushed experts to urge immediate action. Here are the top priorities for any organization looking to harden its defenses:
– Perform a full security audit
Understand your vulnerabilities and rank them by risk. Know what’s exposed and fix the easiest points of failure first.
– Update and patch systems regularly
Many breaches happen through known exploits in outdated software.
– Segment your network
This limits the damage if attackers do get inside. It makes lateral movement across systems much harder.
– Have a tested incident response plan
Don’t wait for a breach to figure out who does what. Create and rehearse your response procedures ahead of time.
– Use secure, offline backups
Make sure you have clean, recent backups that ransomware can’t touch. Test restoration processes regularly.
– Implement strong identity protection
Multi-factor authentication (MFA), password managers, and privilege-based access are now essential, not optional.
– Join threat intelligence networks
Government-backed Information Sharing and Analysis Centers (ISACs) let organizations learn from each other and stay ahead of common threats.
– Invest in cyber talent
If full-time hiring isn’t possible, explore partnerships or contracts with experienced firms for audits, monitoring, and emergency support.
Why This Moment Matters
What we’re seeing is a shift in the ransomware landscape. The assumption that attackers only go after Fortune 500 firms is outdated. Cities, nonprofits, universities, and small businesses are all now in the line of fire.
What makes St. Paul’s story so important is the choice it made. It didn’t pay the ransom. It had a plan. It had a backup. And it recovered. That example can and should be a template for others.
Cybersecurity isn’t just about technology. It’s about preparedness. Leadership. Coordination. And making smart investments before something goes wrong, not after.
Final Takeaway
If you’re running a small company or helping lead a local government, the question is no longer if you’ll be targeted, but when. The good news is that the solutions don’t have to be expensive, but they do have to be intentional.
Start with backups. Train your staff. Get outside help if you need it. Most importantly, treat cybersecurity not as a side project but as part of your core business strategy.
Because in 2025, resilience is just as important as innovation.