A new ransomware group claims to have hacked the systems of US telecommunications provider WideOpenWest (WOW!), and to have taken control of critical systems, in addition to stealing customer information.
Calling itself Arkana Security, the threat actor claims to be performing penetration testing, hacking into organizations’ networks by exploiting vulnerabilities in corporate systems. They also steal the victims’ data to coerce them into paying a so-called “fee”.
The same as other ransomware groups, however, Arkana relies on various tactics to extort its victims, listing their names on its Tor-based leak site and threatening to sell the allegedly stolen data on the dark web and to make it public unless a ransom is paid.
In addition to shaming its victims, Arkana appears to engage in doxxing activities, publishing sensitive personal information on the breached organization’s leadership on the leak site.
This week, the group listed on the leak site its first victim, namely WOW!, a US cable, broadband, phone, and internet services provider that serves nearly two million business, residential, and wholesale customers in 19 markets, mainly in Michigan, Alabama, Tennessee, South Carolina, Georgia, and Florida.
Arkana claims to have gained access to critical internal systems within WOW!’s environment, such as AppianCloud, and to have taken full control over the telecom provider’s Symphonica system.
The threat actor alleges the high level of access it has obtained allows it to perform a broad range of malicious activities, such as malware deployment on customer devices, backend code and financial transaction manipulation, and billing information tampering.
Arkana says it stole two databases – one of 403,000 accounts and one of 2.2 million accounts – containing information such as usernames, account IDs, passwords, security information, names, emails, permissions, and Firebase integration details.
“For WOW!, this alleged breach can translate into significant reputational damage and potential legal and regulatory repercussions. The exposure of sensitive customer data not only undermines trust but also forces the company to invest heavily in remediation and enhanced cybersecurity measures to prevent future incidents,” cybersecurity firm SOCRadar notes.
WOW! has yet to confirm the alleged hack and data breach. SecurityWeek has emailed the company for a statement and will update this article if a reply arrives.
Related: Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
Related: Medusa Ransomware Uses Malicious Driver to Disable Security Tools
Related: Albabat Ransomware Expands Targets, Abuses GitHub
Related: Ransomware Group Claims Attack on Virginia Attorney General’s Office
