Arkana Security
Compare
Description
Arkana Security emerged in early 2025, debuting with a high-profile data-extortion campaign against the U.S. internet provider WideOpenWest (WOW!). The group does not appear to deploy actual ransomware encryption; rather, it operates a data-broker-led, leak-centric extortion model, with a structured "Ransom → Sale → Leak" progression. Victims so far include WOW! and several other organizations across sectors such as telecommunications, mining, finance, electronics, and music/entertainment, spanning the U.S. and UK. Arkana facilitates its threats through doxxing and "Wall of Shame" tactics, leveraging psychological pressure rather than encrypting systems. Its operations are characterized by post-intrusion lateral movement and deep backend access.
External Analysis5
| External Analysis |
|---|
| https://cyjax.com/resources/blog/who-broke-the-internet-arkana-security-names-us-broadband-provider-on-new-dls/ |
| https://vectra.ai/modern-attack/threat-actors/arkana-security |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/arkana-security |
| https://securityweek.com/new-ransomware-group-claims-attack-on-us-telecom-firm-wideopenwest/ |
| https://cyberpress.org/arkana-ransomware-group-alleges-breach/ |
Session1
| Session |
|---|
| 05babe48a5070de46a39ee4aa025988beefe059dad57babe52ba797b85643f4523 |
Other1
| Other |
|---|
| http://sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid.onion/contact/Arkana |
Urls2
| Url | ||||
|---|---|---|---|---|
| http://arkanabb66ee4nsdji6la2bu6bwqe3dbtsyf3rxrv6vhiehod7utagad.onion | Down |
|
||
| http://ransomwvbabemdnwl7lzgeenyfmmhskaed6jcruwhkvapsia76vttzyd.onion/ | Down |
|
