
Winona County ransomware: stolen data released publicly after county refuses to pay, exposing resident and government records

Winona County, Minnesota, confirmed on 30 April 2026 that data stolen during an earlier ransomware attack has been released publicly by the criminal group responsible, escalating the incident from service disruption to confirmed data exposure. The release follows the county’s decision not to pay the ransom. Investigators now need to compare leak-site material with internal file inventories, preserve ransom communications and document notification evidence for affected residents and county systems.

The case follows a pattern of double-extortion ransomware attacks targeting US county and municipal governments in early 2026, in which attackers encrypt systems and simultaneously exfiltrate data to apply maximum pressure for payment. County systems that interface with law enforcement data, court records and social services are increasingly targeted because of the sensitivity of the data and the low resilience of local government IT infrastructure.