The government of the Cheyenne and Arapaho Tribes is being extorted by cybercriminals after a ransomware attack shut down its schools and critical systems in January.
The Rhysida ransomware gang took credit for the attack this week and demanded 10 bitcoin, or about $660,000, in exchange for not leaking information stolen from the systems of the Cheyenne and Arapaho Tribes, a federally recognized government headquartered in Concho, Oklahoma.
Officials previously confirmed the ransomware attack in January.
The tribal government said the cyberattack began on December 8, 2025, when its IT team discovered an attempted intrusion by threat actors. Systems were shut down and the tribe worked with its insurance provider on the recovery effort.
A follow-up statement from tribal governor Reggie Wassana confirmed they dealt with a ransomware attack and federal authorities were brought in to help.
“The criminals have targeted hundreds of notable companies such as Target, Xerox, Carnival Cruises, Blue Cross Blue Shield as well as local hospitals and airlines. Ironically, it is the high profile and financial success of our tribe that made us a prime target,” he said in a letter to the tribe.
“Let me be clear: This was a terrorist attack, and WE DID NOT NEGOTIATE NOR SURRENDER. These criminals have not, and will not, receive one cent from the members of the Cheyenne and Arapaho Tribes.”
Wassana committed to continue paying employees of the local Lucky Star Casino as the recovery effort continued through January. The tribe governs about 12,000 residents.
The tribe’s Department of Education also warned the attack took down its computers, email and phone system. Students were not penalized for any delays in returning assignments as a result of the internet outages.
Tribal administrations across the U.S. were targeted by ransomware gangs in 2025. The city of Durant, just three hours away from Concho and the capital of the Choctaw Nation, was hit with a cyberattack last year, and tribes in Minnesota and Michigan were also attacked by ransomware gangs.
The Rhysida ransomware gang has repeatedly targeted governments across the globe, including Kuwait’s Finance Ministry, as well as the transportation department of Maryland, the city of Seattle and the city of Columbus, Ohio.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
