Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang

A Doncaster insurance company has been hit by ransomware from the Darkside crew – whose "press release" declaring it was shutting down its operations last week was taken at face value by some pundits. The Doncaster Free Press reports that One Call Insurance, based in the northern English city, had been compromised by Darkside …

  1. mark l 2 Silver badge

    I thought one of the advantages of the blockchain was that all transactions are logged. So even if the millions from ransomware were to be divided up between thousands of different bitcoin wallets, as soon as they try and cash one out with a coin exchange, at that point they will need to reveal their real identity to get it back to fiat currency.

    I can't see how they can be actually benefiting in the real world from these ransomware scams, as what is the point in having millions of dollars in bitcoin if you can't actually spend it on anything tangible? Or are there some dodgy exchanges that will pay out cash with no ID and no questions asked?

    1. Mike 137 Silver badge

      "are there some dodgy exchanges that will payout cash"

      Almost certainly. Even before "digital", money laundering operated via well established long chains of obfuscation to do this. If anything, the fact that it's electronic just makes it easier and faster.

    2. Tomato Krill

      It’s no different to how it was before - money laundering through mules of differing degrees of awareness.

      There are sites I'm aware of where you can participate in this under the guise of exchanging other assets, and I'm not a criminal and have no interest in either Bitcoin or money laundering, so it's safe to say there is no shortage of sites for exchanging illicit bitcoins for real-world assets, with the expected level of loss of value.

  2. Anonymous Coward

    It won't be long, yeah

    Till some companies don't allow internet access from desktops.

    1. Dan 55 Silver badge

      Re: It won't be long, yeah

      I guess they would rather do that than install Qubes OS because companies always prefer the option which requires least expertise.

  3. alain williams Silver badge

    £15 million + cost of repair + reputation loss

    How much would it have cost to have decent disaster recovery in place?

    Unfortunately you are not going to stop numpty employees clicking on links to bouncy kittens, or whatever, no matter how many times you tell them.

    1. My-Handle Silver badge

      Re: £15 million + cost of repair + reputation loss

      The following is just the impression I got from the article, but I don't think One Call's problem was a particularly long delay in getting back up and running. I believe it was that Darkside managed to steal a lot of customer data and was ransoming it.

      While improved security measures would decrease the chance of a successful attack occurring, once that data has been stolen I don't think there's much that can be done as far as DR is concerned. The data's out there. Either they pay the ransom and hope that Darkside keep their end of the bargain and delete it, or they hold out and deal with the fallout. Let's just hope that the stolen data was encrypted and that the keys weren't stolen as well.

  4. Anonymous Coward

    Their site hasn't been patched since 2013...

    https://www.onecallinsurance.co.uk//

    Has 100+ high/critical CVEs (CVSS 7+), some of them dating back to 2013, most of them to do with out-of-date PHP versions.

    1. Dan 55 Silver badge

      Re: Their site hasn't been patched since 2013...

      So it doesn't appear to be an "entirely new and secure environment".

  5. Anonymous Coward

    Same Ol', Same Ol'

    Anonymous for obvious reasons

    I just contacted their 'live chat'. I insure my car with One Call. Apparently, the customer portal is now 'secure'.

    Worse than useless. I specifically asked how customer data was secured and why I had to find out about this breach via the media. The only response was the press release and to wait for more information!

    What a shower.

    1. Anonymous Coward

      Re: Same Ol', Same Ol'

      I sent an email to the 'Data Protection Office/r' [DPO@onecalldirect.co.uk].

      The email was bounced back!!!

      I also have my car insured with them; I will not be a repeat customer, that is sure!!!

      If someone could interpret the following Error message, it would be useful:

      ================================================================
      Reporting-MTA: dns; mx08-00393c01.pphosted.com
      Received-From-MTA: DNS; m0172429.ppops.net
      Arrival-Date: Fri, 21 May 2021 12:42:25 +0100

      Final-Recipient: RFC822; dpo@onecallinsurance.co.uk
      Action: failed
      Status: 5.4.14
      Remote-MTA: DNS; ocis-uk.mail.protection.outlook.com
      Diagnostic-Code: SMTP; 554 5.4.14 Hop count exceeded - possible mail loop ATTR34 [LO2GBR01FT008.eop-gbr01.prod.protection.outlook.com]
      Last-Attempt-Date: Fri, 21 May 2021 12:42:26 +0100
      ===============================================================

      Signed

      (A very unimpressed soon to be ex-customer.)

      1. FlamingDeath Silver badge

        Re: Same Ol', Same Ol'

        Run for the hills; my brief experience with One Call was absolutely shocking.

        They tried to ignore my 2 week cooling down period for a financial agreement when I requested it to be cancelled within the allowed timeframe. Had to involve the ombudsman to get One Call to see sense.

        It's probably another one of those wideboy companies where everything is "the lowest denomination".

      2. Anonymous Coward

        Re: Same Ol', Same Ol'

        Looks like they are forwarding within their O365 tenant and have hit mail loop protection limits:

        https://techcommunity.microsoft.com/t5/exchange-team-blog/loop-prevention-in-exchange-online-demystified/ba-p/2312258
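The bounce quoted earlier in this thread, parsed and classified as an added example. This is not code from the commenter, One Call, Proofpoint or Microsoft; it is a small RFC 3464 DSN parser written for this page. The embedded sample is the DSN as pasted above (blank lines and all), the class/subject names follow RFC 3463, and the per-code detail table and its labels are this example's own. The `sent_to` address is the one the commenter said they wrote to, so the example also shows that the final recipient domain differs from it, which is consistent with the forwarding the reply describes.

```python
"""Parse and classify an RFC 3464 delivery status notification (DSN).

Added example for this thread; not code from One Call, Proofpoint or
Microsoft. The sample is the bounce pasted in the comment above; the
KNOWN_DETAIL table and its labels are this example's own."""
import re

# The DSN as pasted in the thread, including its stray blank lines.
SAMPLE_DSN = """\
Reporting-MTA: dns; mx08-00393c01.pphosted.com

Received-From-MTA: DNS; m0172429.ppops.net

Arrival-Date: Fri, 21 May 2021 12:42:25 +0100

Final-Recipient: RFC822; dpo@onecallinsurance.co.uk

Action: failed

Status: 5.4.14

Remote-MTA: DNS; ocis-uk.mail.protection.outlook.com

Diagnostic-Code: SMTP; 554 5.4.14 Hop count exceeded - possible mail loop ATTR34 [LO2GBR01FT008.eop-gbr01.prod.protection.outlook.com]

Last-Attempt-Date: Fri, 21 May 2021 12:42:26 +0100
"""

# RFC 3463 class and subject meanings; the detail table is this example's own.
STATUS_CLASS = {"2": "success", "4": "persistent transient failure",
                "5": "permanent failure"}
STATUS_SUBJECT = {"0": "other", "1": "addressing", "2": "mailbox",
                  "3": "mail system", "4": "network and routing",
                  "5": "mail delivery protocol", "6": "message content or media",
                  "7": "security or policy"}
KNOWN_DETAIL = {
    # Exchange Online returns this when its loop protection trips (quoted above).
    "5.4.14": "hop count exceeded: relayed or forwarded too many times (mail loop)",
    "5.1.1": "bad destination mailbox address",
    "5.4.4": "unable to route",
}


def parse_dsn(text):
    """Split a DSN into per-message fields and one dict per recipient.
    A new recipient block starts at every Final-Recipient field, so the
    blank lines in the pasted copy do not matter."""
    per_message, recipients = {}, []
    target = per_message
    for line in text.splitlines():
        if ":" not in line:
            continue                      # blank lines and '====' separators
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "final-recipient":
            target = {}
            recipients.append(target)
        target[name] = value.strip()
    return per_message, recipients


def typed_value(value):
    """'SMTP; 554 5.4.14 ...' -> ('SMTP', '554 5.4.14 ...'); '' -> ('', '')."""
    kind, _, rest = value.partition(";")
    return kind.strip(), rest.strip()


def classify(recipient):
    """Turn one per-recipient block into a readable failure summary."""
    result = {
        "recipient": typed_value(recipient.get("final-recipient", ""))[1],
        "action": recipient.get("action", ""),
        "status": recipient.get("status", ""),
    }
    match = re.fullmatch(r"([245])\.(\d{1,3})\.(\d{1,3})", result["status"])
    if not match:
        result["summary"] = "unrecognised enhanced status code"
        return result
    cls, subject, _ = match.groups()
    diag_text = typed_value(recipient.get("diagnostic-code", ""))[1]
    result.update({
        "class": STATUS_CLASS[cls],
        "subject": STATUS_SUBJECT.get(subject, "unknown"),
        "detail": KNOWN_DETAIL.get(result["status"], "no specific mapping in this table"),
        "remote_mta": typed_value(recipient.get("remote-mta", ""))[1],
        "diagnostic": diag_text,
        # Either the code or the server's own text is enough to flag a loop.
        "mail_loop": result["status"] == "5.4.14" or "mail loop" in diag_text.lower(),
    })
    return result


def analyse(text, sent_to=None):
    """Summarise a DSN. If the address the sender actually wrote to is given,
    flag whether the final recipient differs (address rewritten or forwarded)."""
    per_message, recipients = parse_dsn(text)
    results = [classify(r) for r in recipients]
    if sent_to:
        for r in results:
            r["forwarded_from_sent_address"] = r["recipient"].lower() != sent_to.lower()
    return {
        "reporting_mta": typed_value(per_message.get("reporting-mta", ""))[1],
        "received_from": typed_value(per_message.get("received-from-mta", ""))[1],
        "recipients": results,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_DSN, sent_to="DPO@onecalldirect.co.uk")
    print("reported by:", report["reporting_mta"])
    for r in report["recipients"]:
        print(f"{r['recipient']}: {r['class']} ({r['subject']}) - {r['detail']}")
        print("  remote MTA:", r["remote_mta"])
        print("  mail loop suspected:", r["mail_loop"],
              "| final recipient differs from address sent to:",
              r["forwarded_from_sent_address"])
```

Run as a script it prints the 5.4.14 bounce as a permanent network-and-routing failure flagged as a mail loop at ocis-uk.mail.protection.outlook.com; the same parser works on any DSN of this shape, including multi-recipient ones, since each Final-Recipient starts a new block.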

  6. Duffaboy
    FAIL

    This is what happens when you

    1. Slash your IT spend

    2. Don't pay for top quality IT professionals and instead try to pay mid 20K salary

    3. Invest in the latest tech and software

    1. A random security guy Bronze badge

      Re: This is what happens when you

      Being a cynic with 20+ years security experience, paying $100m for security is not going to get things done if the rest of the organization blocks your progress. I had a program manager block all security updates because she had to get features out. The security features were tied to our friendly WordPress and would have directly connected the hacker to the payment portal.

      It's been a year and she still bristles and sabotages all security work.

      Naah, she is not the exception. I have old-timers in another company nuke every security project. These are experienced men.

      Just grit your teeth and hope the management wakes up.

      1. Anonymous Coward

        Re: This is what happens when you

        There is no such thing as perfect security.

        Companies are really bad at investing in people, so these guys will be overworked and undereducated. Clicking on dodgy emails at that point is almost inevitable.

        I hope the ICO see a chronic lack of investment in information (I hate the word "cyber") security as a real breach in legal compliance with the DPA 2018 / UK-GDPR.

        Security and security expertise is expensive. Saying "we take customers' data security very seriously" is cheap; especially after the horse has bolted.

        My own organisation says "cyber risks are one of our top corporate risks". However, investment in that is chronically bad. And I, the lone security guy, am now leaving to take up a job that is paying double for less responsibility.

  7. IGotOut Silver badge

    Beep Beep.

    You have recently been involved in a ransomware attack.

    Reply "Claim" to...

  8. Anonymous Coward

    Got a DRP? Then no fine is payable.

    The first question is did they steal the data or just copy it? Was the data altered? A DRP allows the company to recover operations.

    If the ransomware has not affected the backup systems and data can be restored there is no need to pay the ransom. Good DR is also cheaper than hiring specialists to save your bacon.

    This only makes sense if the subsequent fine is lower than the cost of paying the ransom and having an effective disaster recovery plan in the first place.

  9. Anonymous Coward

    When regular encryption becomes backdoored, the only way you'll get it safely secured will be this!

  10. FlamingDeath Silver badge

    This is amazing news, One Call are fucking awful

  11. Anonymous Coward

    How can passwords be made public?

    After all, in 2021 even my fucking cat knows to store only a fucking hash.

    Please tell me that the fucktards that designed this system while I was looking for a job and being told how out of date my skillz were are now looking for a job themselves.
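The point the comment above makes, done properly as an added example: a password store keeps a salted, deliberately slow hash and compares it in constant time, and it records its own work factor so old entries can be upgraded on the next successful login. This is illustrative code written for this page; it is not One Call's code and says nothing about how their system actually stored anything. It assumes only the Python standard library (PBKDF2-HMAC-SHA256 via `hashlib`); the record format `algorithm$iterations$salt$key` and the 600,000-iteration work factor are this example's own choices.

```python
"""Store and check passwords as salted, slow hashes, never as plaintext and
never as a bare fast hash.

Added example for this thread; not One Call's code. Standard library only.
The record format and the work factor below are this example's choices."""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000     # current work factor; raise it as hardware gets faster
SALT_BYTES = 16
KEY_BYTES = 32


def bare_hash(password):
    """What 'just store a hash' often degrades into: unsalted, fast, and the
    same value for every user with the same password, so a leaked table can be
    matched against precomputed hashes. Shown for contrast only."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$key (base64)."""
    salt = os.urandom(SALT_BYTES)            # fresh random salt per record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")])


def _parse_record(record):
    """Split a stored record; raises ValueError on anything malformed."""
    algorithm, iterations, salt, key = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported algorithm")
    return int(iterations), base64.b64decode(salt), base64.b64decode(key)


def verify_password(password, record):
    """Recompute the key with the stored salt and iterations and compare it in
    constant time. Malformed records verify as False rather than raising."""
    try:
        iterations, salt, expected = _parse_record(record)
    except ValueError:        # wrong field count, bad base64, bad int, wrong algorithm
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when the record was made with a weaker work factor than current
    policy (or is unreadable), so it should be regenerated on next login."""
    try:
        return _parse_record(record)[0] < iterations
    except ValueError:
        return True


def login(password, record):
    """Check a login. Returns (ok, record_to_store); on success the record is
    upgraded to the current work factor if it was below it."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("stored record:", stored)
    print("right password:", verify_password("correct horse battery staple", stored))
    print("wrong password:", verify_password("Correct horse battery staple", stored))
    print("same password, second user, same bare hash?",
          bare_hash("hunter2") == bare_hash("hunter2"))
    print("same password, second user, same salted record?",
          hash_password("hunter2") == hash_password("hunter2"))
```

The contrast the block is built around: `bare_hash` gives identical output for identical passwords, while two `hash_password` records for the same password differ because each carries its own salt, and the work factor lives in the record so `login` can quietly move old entries up to the current policy.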


Biting the hand that feeds IT © 1998–2022