• Home
  • cyber
  • Three Affiliated Tribes: Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage
cyber Ransomware

Three Affiliated Tribes: Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

May 7, 2021 2 min read
Three Affiliated Tribes: Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

Ransomware Attack Disrupts Three Affiliated Tribes’ Operations in North Dakota

On April 28, the Three Affiliated Tribes the Mandan, Hidatsa, and Arikara (MHA) Nation confirmed a ransomware attack on its servers, crippling access to critical files, email, and internal systems. Tribal leadership, including Chairman Mark Fox and CEO Scott Satermo, notified employees that the incident had disrupted operations, with the malware altering file locations and names. A cybersecurity team was deployed on-site to begin system recovery, and employees were instructed to avoid using work computers until further notice.

Ransomware, a form of malware that encrypts or threatens to leak data unless a ransom is paid, has surged in frequency, with the FBI reporting an attack every 40 seconds. The MHA Nation’s breach aligns with a broader trend of escalating cyber threats targeting government entities, including tribal nations. According to the National Association of State Chief Information Officers (NASCIO), 68% of state-level breaches in 2020 stemmed from malicious code, while 86% were linked to hacktivism.

Tribal governments remain particularly vulnerable, with limited public data on the scope of such attacks. The Cybersecurity & Infrastructure Security Agency (CISA) notes that ransomware actors increasingly exploit exfiltrated data as leverage. In 2019, the Eastern Band of Cherokee Indians faced a similar incident, which led to the arrest of a tribal employee on charges of tampering with public records.

The MHA Nation’s attack occurs amid heightened federal attention on tribal cybersecurity. Congress is considering the State and Local Cybersecurity Improvement Act, which would allocate $25 million to tribal governments through CISA, though the bill remains stalled in the Senate. The COVID-19 pandemic has further amplified cyber risks as remote work and digital operations expand.

The Department of Homeland Security has not released additional details, directing inquiries to the tribe for further information. The incident underscores the growing threat of ransomware to tribal and local governments, with recovery efforts ongoing.

Source: https://nativenewsonline.net/currents/three-affiliated-tribes-hit-by-ransomware-attack-holding-tribal-information-hostag/

Three Affiliated Tribes - Fargo Satellite Office cybersecurity rating report: https://www.rankiteo.com/company/three-affiliated-tribes---fargo-satellite-office

"id": "THR1779373841",
"linkid": "three-affiliated-tribes---fargo-satellite-office",
"type": "Ransomware",
"date": "5/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Government',
                        'location': 'North Dakota, USA',
                        'name': 'Three Affiliated Tribes (Mandan, Hidatsa, and '
                                'Arikara Nation)',
                        'type': 'Tribal Government'}],
 'data_breach': {'data_encryption': 'Files encrypted (malware altered file '
                                    'locations and names)',
                 'type_of_data_compromised': 'Critical files, email, and '
                                             'internal systems'},
 'date_detected': '2023-04-28',
 'date_publicly_disclosed': '2023-04-28',
 'description': 'On April 28, the Three Affiliated Tribes (Mandan, Hidatsa, '
                'and Arikara Nation) confirmed a ransomware attack on its '
                'servers, crippling access to critical files, email, and '
                'internal systems. The malware altered file locations and '
                'names, disrupting operations. A cybersecurity team was '
                'deployed on-site to begin system recovery, and employees were '
                'instructed to avoid using work computers until further '
                'notice.',
 'impact': {'data_compromised': 'Critical files, email, and internal systems',
            'operational_impact': 'Disrupted operations, employees instructed '
                                  'to avoid work computers',
            'systems_affected': 'Servers, work computers'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_encryption': 'Yes (files encrypted, locations and names '
                                   'altered)'},
 'references': [{'source': 'National Association of State Chief Information '
                           'Officers (NASCIO)'},
                {'source': 'Cybersecurity & Infrastructure Security Agency '
                           '(CISA)'},
                {'source': 'Department of Homeland Security'}],
 'response': {'containment_measures': 'Employees instructed to avoid work '
                                      'computers',
              'remediation_measures': 'System recovery initiated',
              'third_party_assistance': 'Cybersecurity team deployed on-site'},
 'title': 'Ransomware Attack Disrupts Three Affiliated Tribes’ Operations in '
          'North Dakota',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.