Insurer One Call falls victim to ransomware attack from DarkSide gang

Gang is reportedly demanding £15 million from the company

Insurance firm One Call admitted last week that it had been hit with a ransomware attack that disrupted its core IT systems and forced the company to shut off servers.

In an update on its website, the company said that it began experiencing some issues with its IT systems on 13th May, and that it has been working with cyber experts since then to restore the affected systems.

"The forensic specialists who are investigating what happened have confirmed that the disruption was the result of a ransomware incident," the company said.

"As we have been restoring our systems, we opted to prioritise supporting our existing customers and therefore, at this time we are not accepting new instructions or onboarding new customers," it added.

According to One Call, normal service to existing policy holders has been resumed, and customers can use Live Chat or the customer portal to contact the company.

The Doncaster-based insurer said that it has notified the Information Commissioner's Office (ICO) about the incident, and is "sorry for any frustration caused as a result of this incident."

The ransomware attack on One Call was first publicly disclosed by the local newspaper Doncaster Free Press, which claimed that the DarkSide ransomware gang was responsible for the attack.

"A message appeared on the screen from the hackers stating if they do not receive £15m, the data they have will be made public. That's including all customer data such as passwords and bank details," the newspaper said.

The report claimed that the attackers were able to compromise the company's database, potentially exposing customer personal and banking details, passwords, email addresses, policies and other information.

Staff also accused the firm of covering up the extent of the attack, according to the newspaper.

DarkSide is an Eastern Europe or Russia-based cybercriminal hacking group which earlier this month attacked the US Colonial Pipeline company, forcing it to shut down its major pipeline used to supply fuel to the US East Coast.

The shutdown sparked panic in the southeastern US, with residents lining up at petrol pumps for several hours over fears of a fuel shortage. Petrol prices rose as a result of the fuel supply disturbance, and some stations also ran out of fuel.

According to media reports, the company paid a ransom of nearly $5 million (about £3.55 million) to DarkSide hackers to restore its systems.

Later, the group apologised for the attack and promised to vet its targets more closely in the future.

"We are apolitical. We do not participate in geopolitics," the group posted on its dark web site:

"Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

Last week, the group reportedly told its hacking associates that it was shutting down, after losing access to the infrastructure that it uses to run its operation, citing pressure from the US and disruption from a law-enforcement agency.