Gov. Tim Walz Activates National Guard as Winona County Cyberattack Disrupts Essential Services
A significant cyberattack on Winona County, Minnesota, has severely disrupted critical systems, prompting state intervention to restore essential services. The attack, which began on April 6 and extended into the early hours of April 7, targeted the county’s digital infrastructure, impacting emergency and municipal operations. County officials reported that the incident significantly hindered their ability to deliver vital services, including administrative functions and public-facing operations.
In response to the escalating situation, Governor Tim Walz issued an executive order authorizing the Minnesota National Guard to assist in the recovery efforts. He emphasized the evolving nature of cyber threats, stating, “Cyberattacks are an evolving threat that can strike anywhere, at any time. Swift coordination between state and local experts matters in these moments. That’s why I am authorizing the National Guard to support Winona County as they work to protect critical systems and maintain essential services.”
Winona County Cyberattack Strains Local Response
The cyberattack quickly overwhelmed local response capabilities. County officials reported that teams have been working tirelessly since the incident was detected. The county is collaborating with various agencies, including Minnesota Information Technology Services, the Minnesota Bureau of Criminal Apprehension, the League of Minnesota Cities, the Federal Bureau of Investigation, and external cybersecurity specialists.
Despite the multi-agency response, the scale and complexity of the incident exceeded both internal and commercial response capabilities. This situation necessitated a formal request for cyber protection support from the Minnesota National Guard. The incident underscores a troubling trend: smaller jurisdictions are increasingly vulnerable to large-scale cyber disruptions that require state-level intervention.
National Guard Activated Under Emergency Order
The emergency order empowers the Adjutant General to deploy personnel, equipment, and other resources to support the response to the cyberattack. Additionally, the order permits the state to procure necessary services to manage the incident, with costs covered through the state’s general fund. This order is currently in effect and will remain active until the emergency conditions subside or the order is formally rescinded.
Officials have prioritized stabilizing affected systems, preventing further damage, and restoring full functionality as quickly as possible.
Essential Services Continue Amid Disruption
Despite the ongoing disruption, officials have assured the public that emergency services remain operational. Critical services such as 911 response and fire operations continue to function, ensuring that urgent public safety needs are met. However, the attack has caused delays in other county services, and residents have been urged to exercise patience as recovery efforts progress.
Investigation Underway
Authorities have not disclosed specific details regarding the nature of the cyberattack, including whether it involves ransomware or another type of intrusion. The FBI is actively involved in the investigation, working alongside state agencies and external cybersecurity experts. Investigators are focused on determining how the attack occurred, which systems were affected, and whether any sensitive data was compromised.
The immediate focus remains on containment, system recovery, and enhancing defenses to prevent future intrusions.
Earlier Ransomware Incident Raises Concerns
This recent cyberattack follows a ransomware incident reported by Winona County in January 2026. At that time, officials acknowledged the discovery of a ransomware attack affecting their computer network and initiated an investigation to assess the scope and impact of the incident. A local emergency was declared by County Board Chair Commissioner Meyer, allowing officials to maintain continuity of services while systems were analyzed and restored.
The recurrence of cyber incidents within such a short timeframe has raised alarms about ongoing vulnerabilities and the expanding threat landscape facing local governments.
Growing Cyber Pressure on Local Governments
The Winona County cyberattack highlights a broader trend: local governments are increasingly targeted by cyber threats but often lack the resources to effectively respond to complex incidents. When systems fail, the impact is immediate, disrupting public services and prolonging recovery efforts.
State support is currently aiding Winona County in stabilizing operations. However, this incident serves as a stark reminder that cyberattacks are becoming more frequent, disruptive, and challenging for local agencies to manage without external assistance.
For further details on this incident, please refer to the original reporting source: thecyberexpress.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
