Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

Darren Thompson reports that on  April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and believe it was by malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.

MHA Nation Logo

Finding out how often tribes have experienced such incidents is difficult, it seems. Thompson reports:

Although ransomware attacks may seem common, they are not widely reported among tribes. To date, there is no database with statistics if, and how often, tribes are affected by cyberattacks. According to the Cybersecurity & Infrastructure Security Agency (CISA), ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.

Read more on Native News Online. does not know which threat actors are responsible for the Three Affiliate Tribes incident, but in going through online leak sites by various criminal groups, we have seen the following tribes listed as victims whose files have been exfiltrated and/or dumped:

  • Squamish Nation (in B.C.) — data up for sale on threat actor’s site
  • Washoe Tribe — data dumped
  • Colorado River Indian Tribes — some data dumped in April notes that there are probably other examples in addition to the above, and this ste does not know whether the victim tribes have issued any notices. The information above is based on what the threat actors posted on their leak sites in casual inspection.


About the author: Dissent

Comments are closed.