The Cheyenne and Arapaho Tribes of Oklahoma say a ransomware attack forced them to shut down tribal computer networks, disrupting email and phone service and temporarily suspending some operations as systems are restored and investigators work the case.
Tribal Gov. Reggie Wassana said in a statement that the tribes were “targeted by a ransomware attack” and that operations were temporarily suspended while officials responded and began recovery.
A Jan. 2 update posted by the Cheyenne and Arapaho Tribal Tribune described the Dec. 8, 2025, incident as an “attempted cybersecurity intrusion” and said leadership took systems offline “out of an abundance of caution” while a third-party cybersecurity firm engaged through the tribe’s cyber insurance assessed the situation and helped restore services. The update said about 80% of tribal employee users at the Concho headquarters had been restored as of that date, with remaining systems returning in phases.
Notices from the tribe’s higher education program said the outage limited access to computers, email and phones and warned of possible delays in Spring 2026 scholarship processing. The program said students will not be penalized for delays related to the disruption.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
On social media, the tribe posted alternate phone numbers for contacting officials during the disruption, and commenters asked whether “computers and phones” were back up in Clinton, Oklahoma, home to one of the tribe’s Lucky Star Casino locations. DysruptionHub reviewed a screenshot of the comment thread.
Ransomware tracking sites also listed the tribes as a victim claimed by the Rhysida ransomware group, but the tribes and federal authorities have not publicly confirmed any attribution. The tribes did not immediately respond to an email seeking comment on the Rhysida claim.
The current operational impact was not fully clear. Tribe-related Facebook posts in mid-February continued to direct the public to alternate phone numbers for some government functions.
The Cheyenne and Arapaho Tribes are a federally recognized tribal government headquartered in Concho, Oklahoma, with more than 12,000 enrolled citizens and a jurisdictional area spanning multiple western Oklahoma counties.
In 2025 alone, tribal governments and tribally owned casinos reported multiple cyber disruptions, including an IT outage the United Keetoowah Band in Oklahoma said was tied to a ransomware incident and ransomware attacks that shut down casino operations for the Sault Ste. Marie Tribe of Chippewa Indians in Michigan and the Lower Sioux Indian Community in Minnesota.
The tribes have faced ransomware-linked disruption before. In 2021, Lucky Star Casinos operated by the tribes temporarily closed after a ransomware attack disrupted systems.
