The government of the Cheyenne and Arapaho Tribes, headquartered in Concho, Oklahoma, is facing an extortion attempt following a ransomware attack that disrupted critical systems, including schools, in January. The Rhysida ransomware gang has demanded 10 bitcoin – currently valued at approximately $660,000 – to prevent the release of stolen data, according to reports. This cyberattack on tribal infrastructure highlights a growing trend of ransomware groups targeting government entities and critical infrastructure, and the Cheyenne and Arapaho Tribes are the latest victim in a wave of such attacks.
The initial intrusion was detected on December 8, 2025, when the tribe’s IT team identified a threat actor attempting to breach their systems. In response, tribal officials immediately shut down systems and began working with their insurance provider to recover. The Rhysida ransomware gang publicly claimed responsibility for the attack this week, escalating the situation with the demand for a substantial ransom payment. The attack has impacted the tribe’s Department of Education, disrupting computer systems, email, and phone services, and causing delays for students submitting assignments.
Rhysida’s Growing Profile and Tactics
The Rhysida ransomware group has been increasingly active, targeting a diverse range of organizations, from large corporations to local institutions. According to cybersecurity firm Recorded Future, the group has previously targeted companies such as Target, Xerox, Carnival Cruises, and Blue Cross Blue Shield, as well as hospitals and airlines. SC Media reports that the group’s pattern involves stealing sensitive data and threatening to leak it publicly if a ransom is not paid.
The Cheyenne and Arapaho Tribes’ governor, Reggie Wassana, has taken a firm stance against negotiating with the criminals. In a letter to the tribe, Wassana stated, “Let me be clear: This was a terrorist attack, and WE DID NOT NEGOTIATE NOR SURRENDER. These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes.” He also acknowledged that the tribe’s financial success likely made it a target. Despite the disruption, Wassana committed to continuing to pay employees of the Lucky Star Casino, a significant economic driver for the tribe, throughout the recovery process.
Impact on the Cheyenne and Arapaho Tribes
The Cheyenne and Arapaho Tribes govern approximately 12,000 residents. The ransomware attack has not only disrupted essential government services but has also created significant challenges for the tribal education system. Students have experienced delays in submitting assignments due to internet outages, but officials have assured them they will not be penalized. The disruption underscores the vulnerability of tribal governments to cyberattacks and the potential consequences for communities that rely on these services.
The attack comes at a time when tribal nations across the U.S. Are increasingly becoming targets for cybercriminals. The unique challenges faced by tribal governments – often including limited resources and aging infrastructure – can make them particularly vulnerable. Federal authorities have been brought in to assist with the investigation and recovery efforts, but the long-term impact of the attack remains to be seen.
A Broader Trend of Ransomware Attacks
The incident involving the Cheyenne and Arapaho Tribes is part of a larger, concerning trend of ransomware attacks targeting critical infrastructure and government entities. The Record notes that ransomware attacks against U.S. Organizations have been increasing in frequency and sophistication in recent years. These attacks can disrupt essential services, compromise sensitive data, and inflict significant financial damage.
The Rhysida group’s demand of 10 bitcoin is a significant sum, but it is not uncommon for ransomware gangs to demand large ransoms in the hope of securing a payout. The decision to pay or not pay a ransom is a complex one, with law enforcement agencies generally advising against it, as it can encourage further attacks. However, the potential cost of data breaches and service disruptions can sometimes lead organizations to consider paying the ransom as a last resort.
The Cheyenne and Arapaho Tribes have chosen not to negotiate, a decision that reflects a commitment to principle and a refusal to reward criminal activity. The tribe is now focused on restoring its systems and strengthening its cybersecurity defenses to prevent future attacks. The recovery effort is ongoing, and officials are working to minimize the disruption to tribal services.
The tribe’s Department of Education has been working to restore its systems and provide support to students and staff. The long-term impact of the attack on the education system remains uncertain, but officials are committed to ensuring that students continue to receive a quality education despite the challenges.
As of February 20, 2026, the Cheyenne and Arapaho Tribes continue their recovery efforts following the ransomware attack. The next update from tribal officials is expected in early March, detailing the progress of system restoration and the implementation of enhanced cybersecurity measures. The tribe encourages community members to remain vigilant and report any suspicious activity.
If you have been affected by this cyberattack or have information that could assist in the investigation, please contact the Cheyenne and Arapaho Tribes’ IT department or local law enforcement. Share your thoughts and experiences in the comments below.
