Joshua Smith

Arkana ransomware group claims to have compromised "Wide Open West - WOW!", one of the largest Internet Service Provider's in the United States. First and foremost: we have never heard of Arkana ransomware group. We've seen some researchers mention them via their onion domain — but this appears to be their first victim. Their first victim is also a giant. Second: previously we shared a music montage video Arkana put together illustrating the level of access they claim to have on "WOW". However, upon inspection, the compromise Arkana is claiming to have is far more devastating than initially thought. Interestingly, Arkana has used some sort of AI tool to provide a high-level overview of their compromise on their onion domain. It reads exactly like a ChatGPT message. tl;dr 1. Arkana opens by threatening WOW by mentioning lawsuits (incorrectly citing GDPR) by shareholders and customners. 2. Arkana mocks the CEO. They published her company shares, address, address history, e-mail addresses, and social security number. They taunt her. 3. Share generic company information which is public, primarily shareholders, company executives, directors, etc. 4. Provide table layouts impacting 403,000 customers including: - UserId - UserName, Password - SecurityQuestion - SecurityAnswer - Email - Full name - WOW service package information 5. Demonstrate full access to "Symphonica" — and show themselves allegedly pushing malware to customer devices (in Michigan?). 6. Demonstrate full access to "AppianCloud", they suggest (in their AI summary, and also in the video they made), they can potentially alter billing information or alter financial transactions (?). 7. The images (as well as the video) Arkana share show intimate and detailed access to WOW. This is very, very, very interesting from a random, suddenly appearing, almost no-name ransomware group. We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate. We personally do not know of many groups capable of NOT ONLY compromising an ISP, but also knowing how to navigate the infrastructure AND ALSO (allegedly, based on the footage provided) push malware to customer devices.

Our global P3 (Purpose - Plan - Perform) event continues in Dublin, Ireland, bringing together teams from London and Dublin to align on our mission and sharpen our focus on what sets us apart. 🌍 This year we’re leaning in to our unique technology that we’ve built over 15+ years working in security operations at the enterprise. By leveraging data-stitching, detection at source and agentic AI, we empower teams to stay ahead of attackers and protect critical operations. This year, it’s all about seizing opportunities, and we have just scratched the surface of what’s possible. #ReliaQuest #MakeSecurityPossible #Cybersecurity #Teamwork