The Cheyenne and Arapaho Tribes are actively working to recover from a significant ransomware attack that impacted their schools and government functions after an intrusion on December 8. This incident highlights an alarming trend, as tribal governments are increasingly becoming targets for cyberattacks.
Responsibility for the attack has been claimed by the Rhysida ransomware group, as reported by cybersecurity outlet The Record. To avoid leaking potentially stolen data, the group demanded a ransom of 10 bitcoin, approximating $660,000 at the time. However, the tribe has not verified if any data was actually compromised.
In response to the attempted breach, the tribe’s IT team swiftly took their systems offline as a precautionary measure. The tribe made the situation public on January 7 through a Facebook update and a news release, detailing the ongoing recovery efforts.
%20(1)%20(1).webp)
Governor Reggie Wassana addressed the situation decisively, emphasizing the tribe's refusal to engage in negotiations with the perpetrators. "Ironically, it is the high profile and financial success of our tribe that made us a prime target," he stated in his communication to the tribe. "Let me be clear: This was a terrorist attack, and WE DID NOT NEGOTIATE NOR SURRENDER. These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes."
As of January, approximately 80% of tribal employees at the Concho headquarters had recovered their systems. The Department of Education also reported that it was making strides towards restoring its operations.
This incident follows a prior ransomware attack on the Lucky Star Casino operated by the tribe in 2021, where no ransom was paid. Rhysida, the group responsible for this latest attack, has been linked to multiple incidents involving governmental bodies since its emergence in 2023, according to industry publication Comparitech. Their operations rely on a ransomware-as-a-service model, allowing affiliates to exploit its tools to execute breaches and solicit payments.
The threat posed to tribal governments extends beyond their gaming facilities, as they have recently experienced a sharp increase in cyberattacks. With tribal casinos achieving record revenues, the allure for hackers to access sensitive information such as personal details about tribal members and customers has intensified.
Evidence indicates that these attacks are not limited to gaming but are encroaching on essential government and health service functionalities, amplifying operational and financial risks for tribal nations. As demonstrated in February 2025, ransomware forced the Sault Ste. Marie Tribe of Chippewa Indians to halt operations across all five Kewadin Casino locations in Michigan, severely disrupting health and government services. Shortly after, a breach at the Lower Sioux Indian Community's Jackpot Junction casino affected their health center and dental facilities.
Cybersecurity experts are ringing alarm bells regarding tribal leaders' awareness of interconnected casino networks that now link with government and health systems. During a May 2025 webinar hosted by advisory firm REDW, industry professionals shared insights on the significant costs associated with data breaches, averaging at $4.88 million per incident.
"You really need to be prepared to not ever let it get to that point," stressed REDW Senior Cybersecurity Advisor Trisha Wilbrand during the session.
The advisory firm suggested that tribes implement stringent cybersecurity measures, including mandatory training, mock phishing exercises, regular data backups, and formalized incident response plans. Their analysis indicated that organizations with established response protocols saved, on average, $2.03 million for each breach in comparison to those lacking preparation.