Hours earlier, a ransomware attack against the tribe\u2019s IT infrastructure had knocked the EBCI network offline \u2013 including 911 dispatch and the geolocation system used by paramedics and police officers.<\/p>\n
As a result, first responders from Cherokee were forced to spend an extra 18 minutes searching for the driver and her car. By the time they reached her, the woman had died from her injuries. She was 23.<\/p>\n \u201cWould that person have survived (without the delay)? Perhaps. We don\u2019t know,\u201d recalls Richard Sneed, principal chief of the EBCI. \u201cBut the reality is, when there\u2019s an emergency, every minute counts. And when you\u2019re delayed 18 minutes, that\u2019s somebody\u2019s life.\u201d<\/p>\n The attack on Dec. 7, 2019 was the result of vulnerabilities exploited by Russian cybercriminals to encrypt all tribal data. The hackers also left a text file in the victims\u2019 computers, demanding that a ransom be paid to recover the data.<\/p>\n Digital forensics work led tribal police to arrest a former employee, who was alleged to have played a role in increasing those vulnerabilities. A jury later found him guilty of misusing tribal property, a felony. Prosecutors chose not to pursue other charges, including charges specifically related to the 911 outage. He served 454 days in jail.<\/p>\n Some justice was served but the breach inflicted a heavy price. In addition to slowing the search for the injured driver, the EBCI lost a library of irreplaceable Cherokee language audio and video files. Tribal members worked for eight months to fully restore all core services.<\/p>\n Ultimately, the EBCI\u2019s cyber-insurance carrier paid the Russian cybercriminals several hundred thousand dollars in ransom to decrypt the data.<\/p>\n \u201cIt was surreal from start to finish,\u201d Sneed says. \u201cVery much like a movie script.\u201d<\/p>\n Prior to the cyberattack, the EBCI had established a business relationship with Microsoft, but the tribe had implemented only Microsoft Outlook at that time.<\/p>\n The hack prompted EBCI leaders to reevaluate their entire IT infrastructure \u2013 two banks of on-premises servers. After several conversations with Microsoft, they moved their IT system to Microsoft Azure<\/a> to fortify data security and better prevent future attacks.<\/p>\n To achieve that cloud migration \u2013 and start reestablishing 911 dispatch and other services \u2013 EBCI leaders invited Microsoft cloud solutions architect Elliot Huffman to work onsite at tribal headquarters in Cherokee. He arrived in March 2020.<\/p>\n \u201cAn absolutely beautiful place,\u201d Huffman says. \u201cIt\u2019s a bustling community with small shops and the best views.\u201d<\/p>\n The foothills town in Western North Carolina inhabits traditional Cherokee homelands. Once part of the far larger Cherokee nation, the Eastern Band descended from about 800 Cherokee who resisted joining the Trail of Tears \u2013 forced federal displacements of some 60,000 indigenous peoples between 1830 and 1850.<\/p>\n Those EBCI ancestors remained on the original Cherokee homelands, hiding in the North Carolina forests and foothills. During the 1870s, they purchased that same stretch of land, which became known as the Qualla Boundary. Today, the EBCI homeland spans more than 50,000 acres.<\/p>\n The tribe is federally recognized as a sovereign nation with its own laws, elections and governing institutions. But the sophisticated cyberattack decimated that foundation, taking an entire nation offline in one night.<\/p>\n Immediately after the hack, EBCI leaders declared a state of emergency. They contacted the U.S. Cybersecurity and Infrastructure Agency, or CISA, part of the Department of Homeland Security. Meanwhile, the FBI and the North Carolina State Bureau of Investigation helped conduct a criminal investigation.<\/p>\n Still, months of work lay ahead to rebuild the tribe\u2019s IT functions.<\/p>\n \u201cWhen I got there,\u201d Huffman recalls, \u201cthey were basically screaming for help: \u2018We lost everything.\u2019\u201d<\/p>\n The hacker had encrypted every computer with a different key. Those keys were sent back to a command-and-control structure managed by the hacker\u2019s counterparts in Russia. Simply put, the bad guys possessed a database listing of every machine, workstation and server on the EBCI network.<\/p>\n With that database, the criminals built a universal decryption tool, which could be used to reverse the effects of the attacks. After the ransom was paid, EBCI leaders received access to that decryption tool, then went machine by machine to retrieve most of their data.<\/p>\n But one irreversible loss involved the audio and video files of tribal members speaking the Cherokee language. The EBCI had invested 15 years collecting those recordings, which demonstrated the proper enunciation and inflection of Cherokee words, Sneed says.<\/p>\n \u201cThere is a way to speak the language and we\u2019ve only got 160-some fluent speakers left,\u201d Sneed says. \u201cThat data is lost and gone forever. It\u2019s priceless. It carries a long-term cultural impact that I don\u2019t think most people give thought to. It matters.\u201d<\/p>\n The EBCI\u2019s move to the cloud, Sneed says, will help preserve other crucial pieces of tribal history and culture.<\/p>\n In the spring of 2020, Huffman began working side by side with the tribe\u2019s IT employees at the EBCI emergency operations center. They dug into system repairs and, soon, cloud migration.<\/p>\n \u201cWe scrambled to get everything together,\u201d Huffman says.<\/p>\n Their immediate priorities: revive both 911 dispatch and the tribe\u2019s financial system. Twice each year, every EBCI member receives a disbursement of several thousand dollars \u2013 an amount based on revenues from two tribally owned casinos. The cyberattack had delayed those per-capita payments.<\/p>\n Huffman logged about 10 to 12 hours each day on the restoration effort. At night, he stayed at a nearby hotel. Each weekend, he commuted home to South Carolina. During his stay, he learned selected Cherokee words, such as \u201cSgi,\u201d which means \u201cthank you.\u201d<\/p>\n \u201cWe got their most critical things operating first. Then we started tackling other multiple workloads,\u201d Huffman says.<\/p>\n One project was a full tech refresh on the workstations of EBCI government staffers. The tribe purchased $2.1 million worth of Microsoft Surface<\/a> laptops for its employees and equipped each with Microsoft Teams<\/a>. That enabled employees to work remotely and securely weeks before the COVID-19 pandemic forced social distancing.<\/p>\n \u201cAfter Elliot arrived, we spent some time talking with him and, at that point, we decided we\u2019re all in on the cloud,\u201d recalls Bill Travitz, the tribe\u2019s previous IT director who held the position at the time of the cyberattack. \u201cOnce we made that cloud decision, we never looked back.\u201d<\/p>\n Travitz, a 37-year IT veteran, is a true evangelist for zero trust<\/a> architecture.<\/p>\n That set of principles is rooted in the doctrine that data security is not merely a perimeter defense but must be viewed in terms of people, services and the movement of data, Travitz says. Under the zero trust umbrella, data is always authenticated and authorized at all available data points, including user identity, location and device health.<\/p>\n![\"US-441](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/09\/after-a-devastating-cyberattack-the-eastern-band-of-cherokee-indians-became-one-of-the-worlds-most-technologically-advanced-nations.jpg\")
![\"Museum](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/09\/after-a-devastating-cyberattack-the-eastern-band-of-cherokee-indians-became-one-of-the-worlds-most-technologically-advanced-nations-1.jpg\")
![\"Richard](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/09\/after-a-devastating-cyberattack-the-eastern-band-of-cherokee-indians-became-one-of-the-worlds-most-technologically-advanced-nations-2.jpg\")
![\"Members](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/09\/after-a-devastating-cyberattack-the-eastern-band-of-cherokee-indians-became-one-of-the-worlds-most-technologically-advanced-nations-3.jpg\")