Insurance firm One Call has reported that it had been hit by a ransomware attack that disrupted its core IT systems, forcing the company the company to shut down its IT services.

In an update on its website, the company said that issues with its IT systems began to surface on 13th May, and since then it has been working with external specialists to restore affected systems.

The ransomware attack was first disclosed by the local newspaper Doncaster Free Press, which claimed that DarkSide ransomware gang was responsible for the attack.

The newspaper reported - that a message appeared from the hackers on the screens within One Call stating if they did not receive £15m, the data they have will be made public. Data including customer data such as passwords and bank details was reported to have been acquired by the hacklers.

Some One-Call staff accused the company of initially trying to cover up the data breach.

Takeaways:

1. Type of attack: sensitive data exfiltration with ransom demand

2. The disruption to systems and One Call's business, lasted nearly two weeks. No new business was taken on during this time

3. Further costs may accrue over time (the company may be obligated to provide free credit record checking for affected customers)

4. All staff should be briefed NOT to talk to media sources during a major incident

How well would your organisation cope with type of incident? There's only one way to find out for sure - recreate a similar incident with Impact Simulator, our ransomware incident simulation service.