Darren Thompson reports that on April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and believe it was by malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.
Finding out how often tribes have experienced such incidents is difficult, it seems. Thompson reports:
Although ransomware attacks may seem common, they are not widely reported among tribes. To date, there is no database with statistics if, and how often, tribes are affected by cyberattacks. According to the Cybersecurity & Infrastructure Security Agency (CISA), ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
Read more on Native News Online.
DataBreaches.net does not know which threat actors are responsible for the Three Affiliate Tribes incident, but in going through online leak sites by various criminal groups, we have seen the following tribes listed as victims whose files have been exfiltrated and/or dumped:
- Squamish Nation (in B.C.) — data up for sale on threat actor’s site
- Washoe Tribe — data dumped
- Colorado River Indian Tribes — some data dumped in April
DataBreaches.net notes that there are probably other examples in addition to the above, and this ste does not know whether the victim tribes have issued any notices. The information above is based on what the threat actors posted on their leak sites in casual inspection.