Cyber Incident Victim: Winona County

Date: Jan 2026

Location: United States of America

Summary

Winona County experienced a ransomware attack that disrupted its network and critical public systems, prompting officials to pull parts of the infrastructure offline to limit the threat. Emergency services remained operational while the county’s vital statistics and Department of Motor Vehicles systems were taken offline, and the Minnesota National Guard was brought in to assist with response and recovery. Public‑facing systems were restored in phases, with close to full office operations expected to resume shortly, although a backlog of work may cause some delays for residents seeking in‑person assistance. This incident marked the second ransomware attack against the county this year, following an earlier event attributed to a different cyber actor, and a local state of emergency was declared for both occurrences.

CIA Posture: Available to members
Motives: 0 motives
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

In January 2026, Winona County experienced its first ransomware attack of the year, which was publicly announced at that time. A second ransomware attack occurred earlier in April 2026, prompting the county to pull parts of its network offline to limit the threat. The isolated segments included the vital statistics system and the Department of Motor Vehicles system, while emergency services remained unaffected. To address the incident, the county requested and received assistance from the Minnesota National Guard. A local state of emergency was declared for both the January and April attacks.

Following the containment efforts, the county began restoring its public‑facing systems in phases, with officials stating on Thursday that close to full office operations were expected to resume the following Friday. Residents were warned that some delays might persist as backlogs were processed and were advised to call ahead before visiting a county office to confirm staff availability. The county emphasized its commitment to minimizing the impact on residents conducting business and expressed gratitude for the community’s patience during the recovery. The county stated, "We remain committed to minimizing the impact on residents doing business with the county," and added, "We are incredibly grateful for our community’s patience as we work to recover from this incident." Preliminary investigation into the second attack indicated that it is believed to have been carried out by a different cybercriminal than the one responsible for the January attack.

Sources
1 source