The United Keetoowah Band of Cherokee Indians in Oklahoma said its office in Stilwell would be closed Friday because of computer system issues, as a ransomware tracking site listed the tribe among victims claimed by the Rhysida group.
The tribe posted the closure notice on its official Facebook page. In comments, some users asked whether computers were “up and running yet,” suggesting the disruption may be affecting in-person services.
In the comment thread, a commenter suggested the computer problems were limited to the Stilwell office, adding that systems in Tahlequah, where the tribe is headquartered, appeared to be operating normally. The tribe has not confirmed the scope of any disruption.
Ransomware.live, which aggregates ransomware groups’ public claims, lists “United Keetoowah Band of Cherokee Indians in Oklahoma” under Rhysida with a discovery date and estimated attack date of Dec. 12. A listing on the site does not, by itself, confirm a cyberattack, data theft or a ransom demand.
As of Friday, the tribe had not published a formal incident statement on its website. The tribe also did not respond to a request for comment at the time of publication.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The United Keetoowah Band is a federally recognized Cherokee tribe headquartered in Tahlequah and one of three federally recognized Cherokee tribes in the United States.
Recent cyber incidents involving other tribal governments show how technology disruptions can spill into public services and tribally owned enterprises. In Minnesota, the Lower Sioux Indian Community said unauthorized access forced parts of its network offline and disrupted operations at Jackpot Junction Casino Hotel, with services restored over the following days.
In Michigan, the Sault Ste. Marie Tribe of Chippewa Indians shut down Kewadin Casinos during a ransomware incident and later said it reviewed affected files and notified people whose information may have been involved. In Idaho, the Shoshone-Bannock Tribes reported a network security incident that knocked email, phone and network services offline, with officials warning that sensitive information may have been accessed.
Rhysida has been tied to other high-profile disruptions in recent years, including incidents involving the operator of Seattle-Tacoma International Airport and the city of Columbus, Ohio, according to The Associated Press.
In Oklahoma, the Cheyenne and Arapaho Tribes have also reported being targeted in a ransomware incident.
