A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)

The video features gloomy music plus narration and text in Russian that claims – which screenshots of what looks like compromised internal WOW! systems – details on 403,000 customers, including their usernames, passwords, partial credit card details, and email addresses, were pilfered. Login histories, modem types, and even the questions and answers used to re-establish user identity were also apparently pinched.

The extortionists say WOW! – said to be the eighth largest cable operator in America – has until Friday to negotiate a ransom payment. Failure to do so will see Arkana sell what’s said to be the stolen info to the highest bidder or leak the trove itself. If that happens, WideOpenWest will be aptly named.

Like many criminal gangs, Arkana has tried to give itself a veneer of respectability by saying it’s actually in the security business.

“Arkana Security specializes in identifying and exposing critical vulnerabilities in company systems,” the crew states on its website.

“We offer organizations a second chance or final opportunity to address their negligence before facing severe consequences. Our expertise in post-penetration testing, data security, and risk management ensures businesses can safeguard their data and prevent catastrophic outcomes.”

An analysis by security biz Hudson Rock concluded that a break-in took place in September last year after a WOW! employee’s computer was infected with info-stealer malware. Hudson Rock believes Arkana took control of several of the US ISP’s backend systems, including its deployment of orchestration tool Symphonica and cloud security software tools from Appian Cloud.

“Arkana has not only stolen sensitive data but is also attempting to blackmail WOW! with the threat of leaking or selling the information. They even claimed they have the ability to push malware to the company’s customers,” Hudson Rock said.

“This incident underscores the growing threat of info-stealers as a precursor to ransomware attacks and the urgent need for organizations to prioritize info-stealer monitoring to prevent such breaches.”

WOW! had no comment at the time of going to press. ®