Skip to main content

How safe from a ransomware attack are Minnesota's government computers?

WannaCry ransomware has been detected across more than 200,000 computers in 100-plus countries. So how protected is Minnesota?

There are about 45,000 computers and servers, countless emails, numerous websites, and personal records of 5.5 million Minnesotans that are all under the watch of MNIT.

MNIT is Minnesota's Information Technology agency, in charge of everything tech-related for the state's executive branch, and also does work for more than 70 government��agencies and boards.

So if, say, a ransomware attack was crippling thousands of computers in countries across the globe, the defenses MNIT put up are what would keep the malware out of the state's computers.

"We have absolutely seen it knocking on our door right from the get-go," Andrew Call told GoMN.

Call is the director of information security with MNIT, and was talking specifically about the WannaCry ransomware (aka WanaCrypt0r) attack. Workers who started seeing it ramp up Friday morning began the analysis: What is it? How is it coming in? Are the state's computers exposed? How is it spreading?

"We were fortunate to have had some proactive boundary protection rules put in place, and a fairly close to complete patching in place," Call explained.

So while WannaCry may have been "knocking on our door" in Minnesota, it was kept outside. At least for now.

How vulnerable is Minnesota?

These thousands of computers (which include laptops and desktop PCs) are spread across offices and run the gamut of operating systems, including Unix, Linux and OSX. But the majority, Call said, use some version of Windows.

Windows of course is the operating system the WannaCry ransomware targeted. It took advantage of a security flaw, leaked by a group of hackers earlier this spring, to worm its way into the computer, encrypt all the important files, then hold them hostage until getting a bitcoin payment.

Microsoft issued a patch for supported Windows system, fixing that flaw back in March. But anyone who didn't download and install that security update – or is still using an old, unsupported version of Windows – was left vulnerable.

At MNIT, most of the PCs they oversee are using a supported version, meaning they would have been patched – Call said that's something they check regularly, usually once a week.

There are a few clusters of computers under MNIT's watch that are running older Windows versions however. For example, Call said there's some lab equipment that runs on embedded Windows XP. And some decades-old programs won't work on newer machines.

For those vulnerable computers, Call said the "layers" of defense they implement have kept this ransomware at bay. So far so good it seems, even as the WannaCry ransomware spreads.

"Right now we are not aware of any successful impact," Call said.

They want more money for upgrades

This high-profile ransomware attack comes at a time MNIT is fighting for more funding.

The agency already fends off three million malicious attacks every single day, spokesperson Cambray Crozier said. They asked lawmakers for more money – just over $22 million in 2018, with about $4.8 million each year after that – to make proactive upgrades.

For example, MNIT has 27 data centers around the state, Legislative Director Jon Eichten told GoMN. He said it's "impossible to secure" all of those from attacks with the current funding levels. So $14 million would go toward consolidating the servers, reducing the number of scattered targets.

Another goal: Get MNIT staffers working 24/7.

"The way the internet works is these attacks don’t just come in during business hours … they come in all the time," Call said. "We’re unable to react. We don’t have our eye on the ball at night."

As Jenna Covey, MNIT's chief digital officer, put it on Twitter:

But will they get it?

The budget bill that was finalized and passed by the House and Senate contained $0 in new direct funding for cybersecurity. Instead MNIT would get about $2.2 million each year, the same as 2016-17.

The agency also brings in money through chargebacks – they do IT work for other agencies, and those agencies pay MNIT for the services. But it's hard to take dramatic, proactive security steps under that decentralized model, Crozier argues.

That budget bill was actually vetoed by Gov. Mark Dayton, and he actually cited the lack of additional funding as a reason. So will a new, renegotiated bill bring in more money?

Rep. Sarah Anderson, who helped finalize the vetoed budget bill, told GoMN the bill directs MNIT to fully consolidate state agencies– a process that started back in 2011 but hasn't been completed she said. That lack of progress "impedes our ability to effectively protect against attacks," she said.

And Sen. Mary Kiffmeyer, who played a similar role on the Senate side, told GoMN via email the offer they're working on now will "likely" see more cybersecurity funding. But she's looking for more future-oriented plans from the governor than she said she's gotten so far.

"Hacking is not new. We had 'paper hacking' in the past. Always attractive to those with bad intents," she added.

Next Up

Screen Shot 2022-10-07 at 10.49.51 AM

Sisters now living in MN win $80K over treatment at Texas border facility

Kerlin Sanchez Villalobos and her sister were awarded a settlement of $80,000.

Minneapolis Fire Department

Series of garage fires cause damage in south Minneapolis

Two of the fires occurred on the 4500 block of Snelling Avenue.

Cedric Alexander

Minneapolis’ public safety chief spends evening mocking, blocking on Twitter

The community safety commissioner responded to one user's question about downtown policing by calling them two-faced.

Screen Shot 2022-10-06 at 4.04.40 PM

Ramen bar announced for upcoming Eat Street Crossing food hall

The restaurant roster is filling up at Eat Street Crossing.

police lights squad car dark - Unsplash

Man dies after being shot during argument in Minneapolis

It's the 70th homicide in Minneapolis this year.


Minneapolis police, city employees clear out Near North encampment

This comes as colder weather moves through the state.

Screen Shot 2022-10-06 at 4.32.46 PM

New T.J. Maxx to open in the Twin Cities this month

Opening day will kick off with extended hours.

Screen Shot 2022-10-06 at 3.04.24 PM

Former Hennepin County commissioner arrested for DWI

The 61-year-old was being held in Hennepin County Jail as of Thursday morning.

Evie Carshare

Electric carshare network showing growth in Twin Cities

Over 25,000 trips have been logged in a six-month span.

Screen Shot 2022-10-06 at 1.11.01 PM

Popular Apple Valley ice arena could be replaced

A concept plan to transform the ice arena is being considered.


Low river levels bring cancellations for St. Paul-New Orleans Viking cruises

The low water also impacted some barge traffic making its way down the river.


'Accidental hero' slowed the global ransomware attack – but it might not be over

The malware locks up your computer and threatens to wipe your files, unless you pay $300 in bitcoin.

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.

A cyber attack is holding computers around the world for ransom

One malware site says this WannaCry attack has been detected in 99 countries.

What to know about this global cyber attack

Researchers think it could be a malware that's been sold on the dark web's black market.

Computers at Minnesota's Tettegouche State Park were hit with malware

Anyone who used a credit card at the park in late August should be alert.

What happened to the proposal to stop internet providers selling MN customers' data?

It got a lot of support – but right now isn't included in any bill. Here's what is going on.

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?

WikiLeaks leak claims CIA can get past phone encryption, hack into Smart TVs

This leak of more than 8,000 files has not been authenticated – though it appears legitimate.