A cybercriminal group called Interlock yesterday took credit for an April 2026 data breach of the Winona County, Minnesota local government.
On April 9, 2026, the county announced that it took systems offline after it detected a ransomware attack, and told residents to expect delays.
On its data leak site, Interlock said it stole more than 2 million files from Winona County. To prove its claim, Interlock posted sample images of what it says are documents stolen from the county.
Winona County has not acknowledged Interlock’s claim and Comparitech cannot independently verify it. We do not know what data was compromised, if the county paid a ransom, how much Interlock demanded, or how attackers breached the county’s network. Winona County declined answering Comparitech’s questions due to the ongoing investigation.
“As part of our active and ongoing monitoring of the April 7, 2026 ransomware attack on Winona County we want to report that earlier today we learned that the cyber criminals responsible for this attack released information acquired from our network,” the county stated in a press release.
This was the second ransomware attack to hit Winona County in 2026. In January, the county declared a state of emergency following an attack carried out by unnamed cybercriminals.
“When the second incident happened, we were in the process of implementing critical improvements to our network. In fact, those improvements helped us to detect this incident, investigate and take steps to recover,” the county said.
“Based upon our preliminary investigation this is not the same cybercriminal responsible for the prior attack on Winona County.”
Who is Interlock?
Interlock is a ransomware gang that first started claiming attacks on its leak site in October 2024. Its malware both steals data and locks down computer systems. Interlock then demands a ransom to restore infected systems and delete stolen data.
Interlock has claimed responsibility for 16 ransomware attacks in 2026 to date. Of those, six were confirmed by the organizations targeted. This is Interlock’s first attack of the year to hit a government entity.
Three of its confirmed attacks hit schools, including Community College of Beaver County in Pennsylvania and Wagon Mound Public Schools in New Mexico. Interlock’s other attacks include those against Goodwill Industries and UK firm Urban Edge Architecture.
One of Interlock’s biggest attacks breached the Texas Tech University Health Sciences Center, which recently increased the number of people it notified to more than 1.6 million.
Ransomware attacks on US government
Comparitech researcher have logged 20 confirmed ransomware attacks on US government entities in 2026 so far. Other recently confirmed such attacks include:
- Kent District Library (MI) closed its doors due to an April 24 ransomware attack
- The city of Ardmore, OK reported an April 8 ransomware attack
- Adams County, MS spent more than $250,000 to restore and remediate systems after it refused to pay a ransom following an April 17 data breach
- MassDevelopment, the Massachusetts Development Finance Agency, reported a March 2026 data breach claimed by DragonForce
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Governments must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Winona County, MN
Winona County is home to about 50,000 people in southeast Minnesota. The county seat and largest city is Winona.
