A ransomware incident at Minot’s water treatment plant in North Dakota forced staff to switch to manual operations for about 16 hours after a server was hit March 14, officials said.
KFYR reported the attack was disclosed in a March 31 letter from City Manager Tom Joyce to the City Council. The station said the compromised server was unplugged after the ransomware message was discovered. Publicly available council packets and minutes reviewed for March 16 and April 6 did not include an obvious standalone copy of the letter or a ransomware memo about the water treatment plant.
City officials have not identified who was responsible, and no public claim of responsibility has surfaced. DysruptionHub did not receive a response to an emailed request for comment.
City officials said the water supply remained safe, the city stayed operational, and workers maintained water pressure in storage facilities while carrying out manual procedures. Joyce also wrote, according to KFYR, that the note on screen did not include a direct demand for money and that there was no further interaction with the sender.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
A KX post on Facebook said the FBI is investigating. As of the latest reporting, neither the FBI nor the city had publicly posted a fuller incident statement with technical details about the affected server, the restoration timeline beyond the 16-hour manual period, or whether any data was accessed.
The public impact described so far appears limited to plant operations rather than customer water quality. The city says the water treatment plant supplies Minot and several other communities through the Northwest Area Water Supply system, operates around the clock, and manages reservoirs, elevated tanks, booster pump stations and flow-control vaults.
Minot had an estimated population of 47,440 as of July 1, 2024, according to the U.S. Census Bureau. The plant supports drinking water and firefighting needs for a broader regional service area.
The incident fits a broader pattern of cyber pressure on U.S. water utilities. Arkansas City, Kansas, disclosed a September 2024 cyber incident at its water treatment facility but said water remained safe and service was not interrupted. In October 2024, American Water reported unauthorized activity in its networks that forced it to take some systems offline and pause billing, though it said water and wastewater operations were unaffected. In July 2025, Detroit’s Great Lakes Water Authority investigated a potential breach tied to a monitoring and reporting system at a water treatment plant, with officials again saying water quality was not compromised.
Officials have said the water remained safe, but have not publicly detailed the affected system, the full restoration timeline or whether any outside vendor or remote-access pathway was involved.
