A newly emerged ransomware group, calling itself Arkana Security, claims to have infiltrated the systems of U.S. telecommunications provider WideOpenWest (WOW!), compromising critical infrastructure and stealing customer data.
Arkana Security presents itself as a penetration testing entity, stating that it breaches corporate networks by exploiting system vulnerabilities. However, like traditional ransomware groups, it uses extortion tactics, demanding payment under the guise of a "fee" while threatening to expose stolen data if victims refuse to comply.
The group employs multiple coercion strategies, including listing breached organizations on its Tor-based leak site and warning that stolen data will be sold on the dark web or publicly released. Additionally, Arkana engages in doxxing, publishing sensitive personal information about executives from targeted companies.
This week, Arkana listed its first victim on its leak site—WOW!, a U.S. cable, broadband, phone, and internet provider serving nearly two million customers across 19 markets, including Michigan, Alabama, Tennessee, South Carolina, Georgia, and Florida.
According to the threat actor, it gained deep access to WOW!’s internal systems, including AppianCloud and Symphonica, potentially enabling it to deploy malware on customer devices, manipulate backend code and financial transactions, and tamper with billing information.
Arkana also claims to have exfiltrated two databases—one containing 403,000 accounts and another with 2.2 million accounts—holding details such as usernames, account IDs, passwords, security information, emails, permissions, and Firebase integration data.
Cybersecurity firm SOCRadar warns that, if confirmed, this breach could have severe consequences for WOW!, leading to reputational damage, regulatory scrutiny, and significant financial costs associated with remediation and enhanced cybersecurity measures.