Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage | Currents

Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

(Courtesy photo)

BY DARREN THOMPSON MAY 07, 2021
NEWTOWN, N.D. — On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and believe it was by malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.

Ransomware is a type of malware from crypto-virology that threatens to publish data or perpetually block access to it unless a ransom is paid, according to the Department of Homeland Security. The Federal Bureau of Investigation estimates that there are 4,000 ransomware attacks launched every day. An attack is launched every 40 seconds.

“MHA's management information system has been exposed to an external cyber security issue and we have formulated a team of experts to assist our analysis and have coordinated with external government entities as well,” said MHA Nation Tribal Chairman Mark Fox in an email to Native News Online.

A memorandum was sent to all Three Affiliated Tribes employees on April 28 with information that the hack was associated with ransomware. “One thing it does is gets in the system and switches file locations and file names,” said Mandan, Hidatsa & Arikara Chief Executive Officer Scott Satermo in the memorandum. “Share this text, call, or use other methods as we have no way of sending an email notification at this time.”

“Please refrain from using your work computers,” said MHA CEO Satermo in a memo dated May 3, 2021 to all Three Affiliated Tribe employees. “A cyber security team is on site and we will begin the process of cleaning computers.”

“Ransomware is running rampant in governments throughout the world,” said National Association of State Chief Information Officers (NASCIO) Director of Policy & Research Meredith Ward in an email to Native News Online. “Many local governments have been hit very hard.”

NASCIO is a 501c (3) (h) nonprofit with a primary objective in the advocacy and policy arena to provide policy-makers with insight and recommendations regarding the implications of technology-related legislation, regulations, policies and proposals. According to a study published by NASCIO on Oct. 14, 2020, 30 states said financial fraud was a leading cause of breaches in the past year compared to 10 states in 2018. Leading causes of breaches continue to be from external sources: malicious code (68 percent), web applications from external sources (81 percent), and “hacktivism” (86 percent), which is on the rise.

Although ransomware attacks may seem common, they are not widely reported among tribes. To date, there is no database with statistics if, and how often, tribes are affected by cyberattacks. According to the Cybersecurity & Infrastructure Security Agency (CISA), ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.

In 2019, the Eastern Band of Cherokee’s network was shut down due to a cyberattack. An Eastern Band of Cherokee tribal member, who was also employed by the tribe, was arrested. The individual was arrested for “tampering with public records and obstructing government functions.” Eastern Band of Cherokee Principal Chief Richard Sneed called the incident “an act of domestic terrorism.” The Federal Bureau of Investigation, the Department of Homeland Security and the North Carolina State Bureau of Investigation assisted tribal police in the investigation.

The Department of Homeland Security was contacted for more information. “Your best contact may be the tribe itself to see what federal assistance it has sought and what information it is willing to release,” said Department of Homeland Security Director of Tribal Government Affairs David Munroe in an email to Native News Online.

On March 22, 2021, Native News Online reported that the Department of Interior reversed a Trump-era decision that determined a portion of the Missouri River on the Fort Berthold Indian Reservation would belong to the state of North Dakota. The decision came days after Laguna Pueblo Debra Haaland was sworn in as the first American Indian to serve as secretary of the Interior Department. The move could potentially bring billions of dollars of revenue to Mandan, Hidatsa and Arikara tribal members.

U.S. Congress is evaluating bills such as the State and Local Cybersecurity Improvement Act. If approved, the Act will allocate several billion in funding to cybersecurity for state, local governments, and $25 million for tribal governments via the Cybersecurity and Infrastructure Security Agency (CISA). It was read in the House Committee of Homeland Security in September 2020 and passed the House on a bipartisan voice vote, but remains stalled in the Senate.

Covid-19 has forced millions of Americans to migrate their everyday activities to the online world, increasing the possibility of cyberattacks.