Winona County, Minnesota, said Friday it contained a ransomware incident affecting its computer network and is testing systems with outside forensics help, while officials said emergency services, including 911 and fire response, remain fully operational.
In a county statement, officials said an investigation is underway and that the county is working with third-party cybersecurity and data forensics experts as well as local, state and federal law enforcement. The county said its IT department and cybersecurity team are actively testing and analyzing systems.
Many county phone lines were down and some internal networks were not working, county staff told The Winona Post. The outlet also reported that the sheriff’s office canceled its daily media briefing Thursday citing technical difficulties, at least one virtual meeting was canceled that afternoon, and deputies said access to police records software was not operational Friday morning.
The county declared a local emergency to support response and continuity efforts. The Winona Post reported County Board Chair Commissioner Chris Meyer said she signed the declaration to help the county tap state and federal assistance and set up an emergency command center, and that she believed the attack occurred Thursday.
In a public notice posted on the county website, the county board said it will hold a closed session Tuesday, Jan. 27, to discuss “networking infrastructure” under Minnesota’s Open Meeting Law. Minnesota law allows meetings to be closed to receive security briefings and discuss security systems and emergency response procedures.
The county has not publicly attributed the incident to any specific actor, and there were no immediate public claims of responsibility.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Officials have not said which departments or applications were affected, whether any data was accessed, or how long systems may be impaired. The county said it is implementing business continuity measures and will provide updates as more information becomes available. The county did not respond to DysruptionHub’s requests for comment.
Minnesota public-sector networks have faced a steady drumbeat of cyber incidents over the past year, including a November 2024 attack that knocked out phone systems at the Minneapolis Park and Recreation Board and a June 2025 ransomware incident that temporarily disrupted Mower County services.
The summer of 2025 brought higher-profile disruptions, including a cyberattack on the city of St. Paul that led officials to declare a local emergency and prompted Gov. Tim Walz to activate the Minnesota National Guard.
North St. Paul also investigated a separate intrusion involving its police department that was detected in late July before it was publicly acknowledged.
Winona County, on the Mississippi River along the Wisconsin border, serves about 50,000 residents and is based in the city of Winona.
