Date: 2025-03-28

A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US.

The malicious actors boasted they had full backend control and even put a music video montage together to illustrate exactly how much access they had.

Threat researchers from Hudson Rock traced the origins of the attack to an infostealer infection back in September last year. It has allegedly compromised over 403,000 including names, emails, passwords and other data, and an additional file allegedly containing 2.2 million records. It has also given the malefactors control over critical backend systems.

“This incident underscores the growing threat of infostealers as a precursor to ransomware attacks—and the urgent need for organizations to prioritize infostealer monitoring to prevent such breaches,” the researchers say.

“We have fully compromised Wide Open West (WOW!), gaining access to highly sensitive customer data and servers,” Arkana posted on a data leak site on the dark web. “If you fail to pay, the breach will go public. Your infrastructure is a complete disaster – your security is non-existent. The systems are so poorly protected that it’s clear no real effort has been made to secure anything. It’s a huge failure on your part, and the consequences will be severe.”

A Stark Contrast in Characterization

Yogita Parulekar, CEO of Invi Grid, says: “Their cybersecurity risk management and governance disclosure in their annual 10K as required by the SEC is in stark contrast to the malicious actor’s characterization of the security program as ‘complete disaster’. There is one indicator though if one reads the disclosure closely. From the description it appears that the Security team is buried deep down in the organization’s hierarchy.”

She says all investors and other readers of such a description should immediately question the efficacy of such a program and its ability to exert influence and implement a strong cybersecurity posture and governance.

“This hack will have serious business consequences and a direct impact to the public company that is trying to get acquired and go private as it will erode shareholder value,” adds Parulekar. “Boards of Directors of all companies should take note as to how inadequate governance and funding of cybersecurity programs can have a direct business consequence. Only then we, the consumers, the people will be safe.”

Milking Organizations of Funds

Lawrence Pingree, VP at Dispersive, comments: “The thing about most of these more recent ransom attacks is that it’s important to note that threat actors so far want to keep milking organizations out of their funds, so although threat actors often can be more destructive, they don’t kill the sacred cows that they keep milking. Some countries have tried to cut off the proverbial milk by outlawing ransom payments – this seems to have helped in Australia.”

Pingree says this is just one more reminder that hyper-connected businesses of all kinds, including ISPs, should be pivoting their programs to Zero Trust Pre-emptive Cyber Defense, not detection and response strategies alone, as this is a fallback position. “This attack again shows that active defense and pre-emptive manoeuvres against threats are essential.”