Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang A Doncaster insurance company has been hit by ransomware from the Darkside crew – whose "press release" declaring it was shutting down its operations last week was taken at face value by some pundits. The Doncaster Free Press reports that One Call Insurance, based in the northern English city, had been compromised by Darkside …
I thought one of the advantages of the block chain was that all transactions are logged. So even if the millions from ransomware were to be divided up between thousands of different bitcoin wallets, as soon as they try and cash one out with a coin exchange at that point they will need to reveal their real identity to get in back to fiat currency.
I can't see how they can be actually benefiting in the real world for these ransonware scams, as what is the point in having millions of dollars in bitcoin if you can't actually spend it on anything tangible or are there some dodgy exchanges that will payout cash with no ID and no questions asked?
It’s no different to how it was before - money laundering through mules of differing degrees of awareness.
There are sites I’m aware of where you can participate in this under the guise of exchanging other assets, and I’m not a criminal and have no interest in either Bitcoin or money laundering so safe to say there are no shortage of sites for exchanging illicit bitcoins for real world assets with the expected level of loss of value
The following is just the impression I got from the article, but I don't think One Call's problem was a particularly long delay in getting back up and running. I believe it was that Darkside managed to steal a lot of customer data and was ransoming it.
While improved security measures would decrease the chance of a successful attack occurring, once that data has been stolen I don't think there's much that can be done as far as DR is concerned. The data's out there. Either they pay the ransom and hope that Darkside keep their end of the bargain and delete it, or they hold out and deal with the fallout. Let's just hope that the stolen data was encrypted and that the keys weren't stolen as well.
Anonymous for obvious reasons
I just contacted their 'live chat'. I insure my car with One Call. Apparently, the customer portal is now 'secure'.
Worse than useless. I specifically asked how customer data was secured and why did I have to find out about this breach via the media. The only response was the press release and to wait for more information!
What a shower.
I sent an email to the 'Data Protection Office/r' [DPO@onecalldirect.co.uk].
The email was bounced back. !!!
I also have my car insured with them, I will not be a repeat customer that is sure !!!
If someone could interpret the following Error message, it would be useful:
================================================================
Reporting-MTA: dns; mx08-00393c01.pphosted.com
Received-From-MTA: DNS; m0172429.ppops.net
Arrival-Date: Fri, 21 May 2021 12:42:25 +0100
Final-Recipient: RFC822; dpo@onecallinsurance.co.uk
Action: failed
Status: 5.4.14
Remote-MTA: DNS; ocis-uk.mail.protection.outlook.com
Diagnostic-Code: SMTP; 554 5.4.14 Hop count exceeded - possible mail loop ATTR34 [LO2GBR01FT008.eop-gbr01.prod.protection.outlook.com]
Last-Attempt-Date: Fri, 21 May 2021 12:42:26 +0100
===============================================================
Signed
(A very unimpressed soon to be ex-customer.)
Run for the hills, my brief experience with One Call was absolutely shocking
They tried to ignore my 2 week cooling down period for a financial agreement when I requested it to be cancelled within the allowed timeframe. Had to involve the ombudsman to get One Call to see sense
It's probably another one of those wideboy companies where everything is "the lowest denomination"
Being a cynic with 20+ years security experience, paying a $100m for security is not going to get things done if the rest of the organization blocks your progress. I had a program manager block all security updates because she had to get features out. The security features were tied to our friendly WordPress and would have directly connected the hacker to the payment portal.
It's been a year and she still bristles and sabotages all security work.
Naah, she is not the exception. I have old-timers in another company nuke every security project. These are experienced men.
Just grit your teeth and hope the management wakes up.
There is no such thing as perfect security.
Companies are really bad at investing in people so these guys will be overworked and under educated. Clicking on dodgy emails at that point is almost inevitable.
I hope the ICO see a chronic lack of investment in information (I hate the word "cyber") security as a real breach in legal compliance with the DPA 2018 / UK-GDPR.
Security and security expertise is expensive. Saying "we take customers' data security very seriously" is cheap; especially after the horse has bolted.
My own organisation says "cyber risks are one of our top corporate risks". However investment in that is chronically bad. And I ,the lone security guy, am now leaving to take up a job that is paying double for less responsibility.
The first question is did they steal the data or just copy it? Was the data altered? A DRP allows the company to recover operations.
If the ransomware has not affected the backup systems and data can be restored there is no need to pay the ransom. Good DR is also cheaper than hiring specialists to save your bacon.
This only makes sense if the subsequent fine is lower than the cost of paying the ransom and having an effective disaster recovery plan in the first place.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
