Minot City Responds Quickly to Ransomware Attack on Water Plant

City manager says water supply remained safe as staff unplugged server and switched to manual operations.

Apr. 2, 2026 at 8:19pm

Got story updates? Submit your updates here. ›

An extreme close-up of a damaged water treatment plant control panel, conveying the gritty, investigative aesthetic of a crime scene photograph.A ransomware attack on Minot's water treatment plant exposed vulnerabilities in the city's critical infrastructure, prompting a review of cybersecurity measures.Minot Today

The city of Minot, North Dakota, responded swiftly to a ransomware attack on its water treatment plant last month, quickly disconnecting the affected server and switching to manual operations to maintain the safety of the water supply. While the hackers sent a message demanding payment, the city chose not to engage and instead focused on restoring normal operations.

Why it matters

Ransomware attacks on critical infrastructure like water treatment plants pose a serious threat to public health and safety. Minot's quick response and decision not to pay the ransom demonstrates how municipalities can take proactive steps to protect their systems and residents in the face of such cyber threats.

The details

On March 14, Minot's Water Treatment Plant discovered a ransomware attack on one of its computer servers that targeted the SCADA system used to monitor plant operations. In response, city staff unplugged the server entirely and switched to manual operations for 16 hours until a backup server could be brought online. During this time, the city ensured water pressurization and safety were maintained, and the public was not notified as there was no impact to the water supply.

  • The ransomware attack was discovered on March 14, 2026.
  • City staff unplugged the affected server and switched to manual operations for 16 hours.

The players

Tom Joyce

Minot City Manager who oversaw the city's response to the ransomware attack.

Minot Water Treatment Plant

The municipal water treatment facility that was the target of the ransomware attack.

Got photos? Submit your photos here. ›

What they’re saying

“You can pull it, like they did, and we went to manual operations.”

— Tom Joyce, Minot City Manager

“Getting out and walking the system and making sure that's all working. Getting out to our city water towers, ensuring that we're maintaining pressurization.”

— Tom Joyce, Minot City Manager

“The water remained potable. It was safe. Never an issue with the safety of the water to all of our users. No problem with the pressurization, and that's why nobody knew it even happened.”

— Tom Joyce, Minot City Manager

“The bad actor communicated: 'In other communities they've paid up to $1 million to stop this from occurring,'”

— Tom Joyce, Minot City Manager

“You know what we paid? Maybe a few hours of overtime because we pulled the plug. We did the right thing.”

— Tom Joyce, Minot City Manager

What’s next

The city of Minot is reviewing all of its cybersecurity measures and setting up additional training to prevent future ransomware attacks on its critical infrastructure.

The takeaway

Minot's swift and decisive response to the ransomware attack on its water treatment plant, including isolating the affected systems and maintaining manual operations to protect the water supply, demonstrates how municipalities can take proactive steps to safeguard their communities from such cyber threats without giving in to ransom demands.