The Cheyenne and Arapaho Tribes are continuing recovery efforts after a ransomware attack that disrupted schools and government operations following a Dec. 8 intrusion — an incident that comes amid a broader rise in cyberattacks targeting tribal governments.
The Rhysida ransomware group has claimed responsibility, cybersecurity publication The Record reported this week. The group demanded 10 bitcoin, or around $660,000 at the time of the report, in exchange for not leaking allegedly stolen data, though the tribe has not confirmed whether data was actually stolen.
The tribal government said its IT team identified an attempted intrusion on or about Dec. 8 and took systems offline as a precaution. The tribe publicly disclosed the incident on Jan. 7 in a Facebook post and a tribal news release.
Gov. Reggie Wassana issued a statement saying that the tribe would not negotiate with the group.
“Ironically, it is the high profile and financial success of our tribe that made us a prime target,” he said in a letter to the tribe. “Let me be clear: This was a terrorist attack, and WE DID NOT NEGOTIATE NOR SURRENDER. These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes.”
In its January statement, the tribal government said approximately 80% of tribal employee users at the Concho headquarters had their systems restored one month after the attack. The Department of Education also reported progress toward restoring operations.
The incident follows a previous ransomware attack on the tribe’s Lucky Star Casino in 2021, according to prior Tribal Business News reporting. No ransom was paid in that case.
Rhysida has claimed responsibility for numerous attacks on government entities since emerging in 2023, according to trade publication Comparitech. The group operates a ransomware‑as‑a‑service model in which affiliates use its tools to breach networks and demand payment.
Attacks spread beyond gaming floors
As tribal casinos reach record-high revenues, they have begun to attract more attention from hackers, particularly around sensitive information about tribal members and customers.
Recent incidents suggest the threat is expanding beyond gaming floors and into core government and health service functions, increasing operational and financial risks for tribal nations.
In February 2025, a ransomware attack forced the Sault Ste. Marie Tribe of Chippewa Indians to suspend operations at all five Kewadin Casino locations in Michigan and disrupted health services and tribal government operations, per prior Tribal Business News reporting. Two months later, an attack on the Lower Sioux Indian Community’s Jackpot Junction casino spread into the tribe’s health center, pharmacy and dental facilities.
Cybersecurity advisors have warned tribal leaders that casino networks are increasingly interconnected with government and health systems, creating pathways for attacks to spread. During a May 2025 Tribal Hospitality and Gaming webinar hosted by advisory firm REDW, experts said data breaches cost an average of $4.88 million per incident.
“You really need to be prepared to not ever let it get to that point,” REDW Senior Cybersecurity Advisor Trisha Wilbrand said during the webinar.
REDW advised tribes to implement mandatory cybersecurity training, mock phishing exercises, regular data backups and formal incident response plans. Organizations with established response plans saved an average of $2.03 million per breach compared to those without preparation, according to data shared during the webinar.
Brian Edwards contributed reporting.