Minnesota Gov. Tim Walz has authorized the Minnesota National Guard to help Winona County officials respond to a cyberattack.
Winona County Administrator Maureen Holte said the county detected and responded Tuesday to a ransomware attack on its computer network, according to a statement released Wednesday afternoon. The county has taken its systems offline, “out of an abundance of caution,” while it works to secure and restore services safely. The public should expect delays as a result.
There has been no interruption in emergency services. 911 fire and emergency resources continue to operate.
The governor’s office said the county requested and received support from the Guard “due to the scale and complexity of the incident.'“
“Cyberattacks are an evolving threat that can strike anywhere, at any time,” Walz said in the statement. “Swift coordination between state and local experts matters in these moments. That's why I am authorizing the National Guard to support Winona County as they work to protect critical systems and maintain essential services.”
Winona County also immediately began an investigation, notified the FBI and Minnesota cyber resources, and worked with third-party cybersecurity and data forensics consultants. It also declared a local state of emergency to it could access all necessary resources to respond effectively.
“The County is following industry best practices and developing a comprehensive strategy to address this incident,” the press release continued. “We are continuously working to identify and mitigate threats when they occur. Winona County is committed to evaluate IT security protocols to make sure that sensitive data is protected to the greatest extent possible, across all networks where data resides.”
This is the second time Winona County has experienced a cyberattack this year. The county identified and responded to a “ransomware incident affecting our computer network” in January, according a Jan. 23 statement. Based on a preliminary investigation, Holte said the cybercriminal responsible for that earlier attack is not the same one responsible for the current incident.
But she said what they learned from the first attack may have helped prepare them.
“[We have been] in the process of implementing critical improvements to our network. In fact, those improvements helped us to detect this incident, investigate and take steps to recover.
Cyberattacks on local government entities appear to be becoming more commonplace. The city of St. Paul and Rochester Public Schools, for example have experienced attacks in recent years.
Given the ongoing criminal investigation, the county said it is unable to provide additional details at this time. It is actively monitoring the situation and will provide updated information as it becomes available.