Arkana Security

Parsing : Enabled

Description

Arkana Security emerged in early 2025, debuting with a high-profile data-extortion campaign against the U.S. internet provider WideOpenWest (WOW!). The group does not appear to deploy actual ransomware encryption; rather, it operates a data-broker-led, leak-centric extortion model, with a structured "Ransom → Sale → Leak" progression. Victims so far include WOW! and several other organizations across sectors such as telecommunications, mining, finance, electronics, and music/entertainment, spanning the U.S. and UK. Arkana facilitates its threats through doxxing and "Wall of Shame" tactics, leveraging psychological pressure rather than encrypting systems. Its operations are characterized by post-intrusion lateral movement and deep backend access.

External Analysis
https://cyjax.com/resources/blog/who-broke-the-internet-arkana-security-names-us-broadband-provider-on-new-dls/
https://vectra.ai/modern-attack/threat-actors/arkana-security
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/arkana-security
https://securityweek.com/new-ransomware-group-claims-attack-on-us-telecom-firm-wideopenwest/
https://cyberpress.org/arkana-ransomware-group-alleges-breach/

Session
05babe48a5070de46a39ee4aa025988beefe059dad57babe52ba797b85643f4523

Other
http://sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid.onion/contact/Arkana

Urls	Screen
http://arkanabb66ee4nsdji6la2bu6bwqe3dbtsyf3rxrv6vhiehod7utagad.onion	Screen
http://ransomwvbabemdnwl7lzgeenyfmmhskaed6jcruwhkvapsia76vttzyd.onion/	Screen

File servers	Screen

Chat servers	Screen

Admin servers	Screen

Posts

Date	Title	Description	Screen
2025-06-07	Ticketmaster		Screen
2025-06-06	Synopsys		Screen
2025-05-29	Infinox		Screen
2025-05-21	Anglo American plc		Screen
2025-03-26	Oregon Surveillance Network - OSN!		Screen
2025-03-25	About & Contact		Screen
2025-03-25	Wide Open West - WOW!	Company: WideOpenWest Revenue: 630.9 M Industry: Internet Service Provider Website: wowway.com	Screen