The United Keetoowah Band of Cherokee Indians in Oklahoma has cited an IT disruption that it says is delaying services across tribal offices, after a later notice said its Stilwell office would be closed Friday.
In a Dec. 4 Facebook post, the tribe said it had identified the source of what it called an IT issue and was working to restore systems within the next few days. It said tribal offices and departments, including tag services and suboffices, were experiencing service delays, but Echota Behavioral Health and other UKB health programs were not impacted.
Around the same time, additional posts on the tribe’s Facebook page and stories signaled broader operational effects, indicating some suboffices would be closed or operating on a limited basis on certain days.
On Dec. 11, the tribe posted that the Stilwell office would be closed on Dec. 12. In the comment thread, a user asked whether the closure was because of the computers. Another commenter replied that the computer problems were at the Stilwell location, not elsewhere, and suggested systems at the tribe’s Tahlequah headquarters were operating normally.
Ransomware.live, which aggregates ransomware groups’ public claims, lists the United Keetoowah Band under the Rhysida group. A listing on the site does not, by itself, confirm a cyberattack, data theft or a ransom demand.
The tribe had not published a formal incident statement on its website as of Friday and did not respond to a request for comment at the time of publication.
The United Keetoowah Band is a federally recognized Cherokee tribe headquartered in Tahlequah and one of three federally recognized Cherokee tribes in the United States.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Recent cyber incidents involving other tribal governments show how technology disruptions can spill into public services and tribally owned enterprises. In Minnesota, the Lower Sioux Indian Community said unauthorized access forced parts of its network offline and disrupted operations at Jackpot Junction Casino Hotel, with services restored over the following days.
In Michigan, the Sault Ste. Marie Tribe of Chippewa Indians shut down Kewadin Casinos during a ransomware incident and later said it reviewed affected files and notified people whose information may have been involved. In Idaho, the Shoshone-Bannock Tribes reported a network security incident that knocked email, phone and network services offline, with officials warning that sensitive information may have been accessed.
Rhysida has been tied to other high-profile disruptions in recent years, including incidents involving the operator of Seattle-Tacoma International Airport and the city of Columbus, Ohio.
