County officials first discovered the ransomware attack on the county's computer network on Tuesday, April 7, according to a statement from Maureen Holte, Winona County administrator. In response, county officials took affected systems offline and are working to restore services. Holte said people using county services can expect delays.
The ransomware attack did not affect county emergency services and 911 and emergency services continue to operate as normal, Holte's announcement said.
The ransomware attack comes less than three months after an earlier ransomware attack on county computer networks. That was discovered Jan. 22 and largely resolved by the end of February. Holte said the earlier attack led to the county updating its IT protocols and helped prepare the county for this incident.
"(W)e were in the process of implementing critical improvements to our network," Holte wrote. "In fact, those improvements helped us to detect this incident, investigate and take steps to recover."
The two incidents don't appear to be related, she added.
County officials asked state officials to declare a local state of emergency, which was granted. Gov. Tim Walz authorized a cybersecurity and recovery team from the Minnesota National Guard was sent to Winona to deploy to help with investigating the incident, containing the damage and restoring systems.
County officials also notified the FBI and Minnesota Cyber Resources.
Holte added that because the incident is now part of a criminal investigation, other details and information about the cyber attack aren't being released as of Wednesday.
©2026 the Post-Bulletin, Distributed by Tribune Content Agency, LLC.
