A Winona County cyberattack has disrupted critical systems and forced Minnesota to step in with emergency support.
The cyberattack on Winona County began on April 6 and continued overnight into April 7, affecting key digital infrastructure used to run emergency and municipal services. County officials said the disruption significantly impaired their ability to deliver essential services, including core administrative and public-facing operations.
Governor Tim Walz signed an executive order authorizing the Minnesota National Guard to assist with the response.
“Cyberattacks are an evolving threat that can strike anywhere, at any time,” said Governor Walz. “Swift coordination between state and local experts matters in these moments. That’s why I am authorizing the National Guard to support Winona County as they work to protect critical systems and maintain essential services.”
Winona County Cyberattack Strains Local Response
The Winona County cyberattack quickly overwhelmed local response efforts.
Officials said teams have been working around the clock since the incident was detected. The county is coordinating with Minnesota Information Technology Services, the Minnesota Bureau of Criminal Apprehension, the League of Minnesota Cities, the Federal Bureau of Investigation, and external cybersecurity specialists.
Despite this multi-agency response, officials confirmed that the scale and complexity of the incident exceeded both internal and commercial response capabilities. This led to a formal request for cyber protection support from the Minnesota National Guard.
The incident highlights how even smaller jurisdictions are now facing large-scale cyber disruptions that require state-level intervention.
National Guard Activated Under Emergency Order
Under the emergency order, the Adjutant General is authorized to deploy personnel, equipment, and other resources to support the response to the Winona County cyberattack.
The order also allows the state to procure services needed to manage the incident and confirms that costs will be covered through the state’s general fund. It is already in effect and will remain active until the emergency conditions subside or the order is formally rescinded.
Officials say the priority is to stabilize affected systems, prevent further damage, and restore full functionality as quickly as possible.
Essential Services Continue Amid Disruption
Even as systems remain impacted, officials stressed that emergency services are still operational.
911 services, fire response, and other emergency operations continue to function during the Winona County cyberattack, ensuring that urgent public safety needs are not affected.
However, the disruption has slowed other county services, and officials have warned that some delays are expected as systems are brought back online. Residents have been asked for patience while recovery efforts continue.
Investigation Underway
Authorities have not disclosed the nature of the Winona County cyberattack or whether it involves ransomware or another type of cyber intrusion.
The FBI is actively involved in the investigation, along with state agencies and external cybersecurity experts. Investigators are working to determine how the attack occurred, what systems were impacted, and whether any sensitive data was accessed.
For now, the focus remains on containment, system recovery, and strengthening defenses to prevent further intrusion.
Earlier Ransomware Incident Raises Concerns
The latest Winona County cyberattack comes as an update to a ransomware incident the county first reported in January 2026.
At the time, officials said, “We recently identified and responded to a ransomware incident affecting our computer network. Upon discovery, we immediately initiated an investigation to assess the scope and impact of the incident.”
A local emergency was declared during that event by County Board Chair Commissioner Meyer, as officials worked to maintain continuity of services. Emergency operations, including 911 and fire response, remained active while systems were analyzed and restored.
The recurrence of cyber incidents in such a short period has raised concerns about ongoing vulnerabilities and the growing threat landscape facing local governments.
Growing Cyber Pressure on Local Governments
The Winona County cyberattack highlight a broader trend, local governments are increasingly targeted but often lack the resources to respond to complex cyber incidents on their own.
When systems go down, the impact is immediate. Public services are disrupted, and recovery can take time.
State support is now helping Winona County stabilize operations. But the incident highlights a larger issue: cyberattacks are becoming more frequent, more disruptive, and harder for local agencies to handle without outside assistance.
