The Brief
• Winona County detected a ransomware attack on Tuesday, prompting officials to take affected systems offline and declare a local state of emergency
• Minnesota National Guard cybersecurity specialists are assisting with investigation and recovery efforts after Governor Tim Walz authorized emergency assistance
• This is the second cyberattack on the county in less than three months, following a January ransomware incident that involved different cybercriminals
WINONA, Minn. (WKBT) — Winona County officials are working to restore computer systems after detecting a ransomware attack on Tuesday that forced the county to take affected networks offline and request assistance from the Minnesota National Guard.
County officials discovered the attack on Tuesday and immediately began investigating the incident while working with cybersecurity consultants. The county also notified the FBI and Minnesota cyber resources, according to County Administrator Maureen Holte.
The attack marks the second ransomware incident to hit Winona County in less than three months. The county responded to a previous ransomware attack in January 2026, which also prompted an emergency declaration.
Preliminary investigation indicates different cybercriminals are responsible for the current incident compared to the January attack, Holte said.
Governor Tim Walz issued an executive order Tuesday providing emergency assistance to Winona County after the attack disrupted critical systems and digital services. The Minnesota National Guard is now working to protect sensitive data as county systems remain offline.
“Cyberattacks are an evolving threat that can strike anywhere, at any time,” Walz stated. “That’s why I am authorizing the National Guard to support Winona County as they work to protect critical systems and maintain essential services.”
The county declared a local state of emergency and received assistance from the Minnesota National Guard, including a specialized cybersecurity and recovery team.
Cybersecurity experts say government entities are frequently targeted by cybercriminals because of the valuable data they hold.
“There’s a lot of important data that counties are holding, so a lot of people’s personal records, personal information that can be used for fraud,” said Shawn Walmer, Director of Cyber Security at 3RT Networks. “There’s always the possibility that they just did it to hold it for ransom and they’re hoping they’ll end up paying some amount of money for them to let them back into their own data.”
Officials stressed that emergency services remained operational throughout the incident. The county confirmed that 911 fire and emergency resources continue to operate without interruption.
The public should expect delays from county services while officials work to secure and restore systems safely. Due to an ongoing criminal investigation, the county is limited in providing any further details about the ransomware attack.
COPYRIGHT 2026 BY NEWS 8 NOW/NEWS 8000. ALL RIGHTS RESERVED. THIS MATERIAL MAY NOT BE PUBLISHED, BROADCAST, REWRITTEN OR REDISTRIBUTED.
