On April 28, a conglomeration of three Native American tribes said to its staff and employees that its server was hacked and encrypted by ransomware. The tribesmen have been unable to access files, email, and critical information as a result of the attack.
The Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation (MHA)—has onboarded external experts to remedy the situation:
“MHA’s management information system has been exposed to an external cyber security issue and we have formulated a team of experts to assist our analysis and have coordinated with external government entities as well,” said MHA’s Mark Fox in an email to Native News Online.
This attack on US tribes serves to show how prevalent ransomware attacks have become and that threat actors are always looking to widen their area of operation.
The Three Affiliated Tribes notified its employees on April 28 and explained what type of virus software ransomware is:
“One thing it does is gets in the system and switches file locations and file names,” said Mandan, Hidatsa & Arikara Chief Executive Officer Scott Satermo. “Share this text, call, or use other methods as we have no way of sending an email notification at this time.”
MHA CEO Satermo asked employees to refrain from using their work computers, and said a cybersecurity team is on-site and has begun “the process of cleaning computers.”
Native News Online journalists contacted the Department of Homeland Security for more information and got the following reply from the Department of Homeland Security Director of Tribal Government Affairs David Munroe: “Your best contact may be the tribe itself to see what federal assistance it has sought and what information it is willing to release.”
Ransomware attacks are common today, and in recent years, they have become increasingly prevalent among the nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. Still, there is no database with statistics on how often tribes are affected by cyberattacks. These attacks are not widely reported among tribes.
It is known, though, in 2019, the Eastern Band of Cherokee tribe’s network experienced a cyberattack and shut down. At the time, the Federal Bureau of Investigation, the Department of Homeland Security, and the North Carolina State Bureau of Investigation jointly with the tribal police conducted an investigation. An Eastern Band of Cherokee tribal member was found responsible for the system breach and arrested for “tampering with public records and obstructing government functions.” Richard Sneed, Principal Chief of Eastern Band of Cherokee, called the incident “an act of domestic terrorism.”
U.S. Congress is evaluating the State and Local Cybersecurity Improvement Act that foresees allocating $25 million for tribal governments via the Cybersecurity and Infrastructure Security Agency (CISA). The bill currently is stalled in the Senate.