The attack, which security researchers trace to an infostealer infection from September 2024, has reportedly compromised over 403,000 customer accounts and granted attackers control over critical backend systems.
This appears to be Arkana’s first major victim claim, making their apparent technical sophistication particularly noteworthy.
“We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate,” vx-underground shared on X.
The threat actors claim to have gained full control of WOW!’s infrastructure through the compromise of two key platforms: AppianCloud and Symphonica.
These systems are critical to WOW!’s business operations, with Symphonica handling customer account management and AppianCloud managing business process workflows:
The credentials for these systems were harvested from an employee’s device infected with infostealer malware months before the actual ransomware deployment.
Arkana created a music video montage demonstrating their level of access to WOW!’s systems.
The video revealed the group’s capability to potentially manipulate network configurations, customer data, and server code logic. Security experts suggest this indicates a lack of multi-factor authentication (MFA) and proper network segmentation.
The hackers claim to have exfiltrated two databases containing:
A second file allegedly contains 2.2 million records with names, phone numbers, addresses, and device information.
To prove their access, the group also published personal information reportedly belonging to WOW! CEO Teresa L. Elder, including contact details and her Social Security number.
“If you fail to pay, the breach will go public. Your infrastructure is a complete disaster your security is non-existent,” the group threatened on their leak site.
Arkana operates on a three-phase extortion model: ransom demands, threatened data sale, and public information leaks.
The breach highlights the growing trend of infostealers serving as precursors to ransomware attacks.
Security experts recommend organizations implement proper credential monitoring, rapid response protocols following any infostealer detection, and multi-layered security for critical systems.
As of publication, WOW! has not officially confirmed the breach. The incident potentially affects millions of residential and business customers across the Midwest and Southeast regions where WOW! primarily operates.
The post Arkana Ransomware Group Claims Compromise of US Telecom Companies appeared first on Cyber Security News.