Local governments targeted by cybercrime

Winona County in southeastern Minnesota has now been hit by two major cyber incidents in 2026, and the latest one was serious enough that Governor Tim Walz activated the Minnesota National Guard to help keep county operations running. (mprnews.org, postbulletin.com) The county said in January that it had already responded to a ransomware attack on its computer network, brought in outside forensic experts, and coordinated with local, state, and federal law enforcement. (winonacounty.gov) This week’s attack disrupted government information technology systems, which are the digital plumbing behind things like permits, land records, payments, and routine messages with outside vendors. Winona County’s own website shows how much of that work now runs through online tools, including electronic recording for property documents. (mprnews.org, winonacounty.gov) That is why county attacks are so tempting to criminals. A county office may not look rich, but it holds tax data, court records, property filings, payroll systems, and the contact details needed to pressure both staff and contractors. (mprnews.org) Local governments also tend to run older software with smaller information technology staffs than big companies, which means a county can have the digital exposure of a medium-size business without the security budget of one. The Federal Emergency Management Agency’s state and local cybersecurity grant program was created specifically to help smaller governments close that gap. (fema.gov) Ransomware works like a burglar changing every lock in a building and then charging the owner for the keys. The federal Cybersecurity and Infrastructure Security Agency says these attacks often begin with stolen passwords, unpatched software, or fake messages that trick an employee into opening the door. (cisa.gov) For a county, the damage is not just a frozen screen in an office. If email goes down, vendors cannot send invoices, staff cannot confirm contracts, and residents can hit delays in everything from recording a deed to pulling a permit. (mprnews.org, winonacounty.gov) Winona County’s latest emergency response shows how hard recovery can be once an attack spreads. State officials said the county was already working with Minnesota Information Technology Services, the Minnesota Bureau of Criminal Apprehension, the Federal Bureau of Investigation, and an outside cybersecurity vendor before National Guard help was added. (postbulletin.com) Federal guidance now treats this as a standing problem, not a rare one-off. The Cybersecurity and Infrastructure Security Agency keeps a dedicated ransomware alert system and response checklist because attacks on public agencies, schools, hospitals, and local governments have become routine enough to need playbooks, not improvisation. (cisa.gov, cisa.gov) Winona County has about 50,000 residents, which is part of what makes this story useful as a warning. You do not need to be New York City or Los Angeles to become a target; a county with enough records to lock up and enough pressure to restore services can be lucrative on its own. (dysruptionhub.com, mprnews.org)