The Black Bank based firm is run by colourful businessman John Radford – while on the other side, DarkSide are a secretive network of hackers, understood to be working out of Russia and targeting Western businesses, stealing sensitive customer details while trying to extort huge sums of cash out of businesses.
Police have been called in to investigate the attack on One Call – and staff and customers are demanding answers from the firm, which has remained tight-lipped since the attack more than a week ago.
So who are the players?
Here’s our look at One Call boss John Radford and the hacking group DarkSide.
Businessman John Radford is the owner of One Call Insurance – he is also the owner of Mansfield Town Football Club.
One Call has gone from being a small local firm run from an office into Doncaster town centre to a big national firm with a large office base at Black Bank.
The firm offers various forms of insurance – and is understood to have thousands of customers.
The company was previously involved in sponsoring Doncaster Rovers but now the firm has thrown its weight behind Mansfield, with the club’s Field Mill stadium being renamed the One Call Stadium.
He created controversy by appointing his then girlfriend Carolym Still, whom he later married, to the position of Chief Executive Officer at the football club in September 2011.
In 2018, the firm and Radford were fined more than £1 million for inadvertently spending £17.3m of client money on working capital and payments to directors.
The Financial Conduct Authority fined the firm £684,000 for failing to arrange adequate protection for client money over nine years while Mr Radford was fined £468,600 after the FCA decided he ‘is not fit and proper to have any responsibility for client money or insurer money’... ‘on the basis of his lack of competence to perform such functions’.
DarkSide is an Eastern Europe based cybercriminal hacking group that targets victims using ransomware and extortion – and was believed to be behind the recent Colonial Pipeline attack, which disrupted oil and gas supplies in the USA.
It is likely to be based in Russia, but unlike other hacking groups responsible for high-profile cyberattacks, it is not believed to be directly state-sponsored – i.e, operated by Russian intelligence services.
DarkSide avoids targets in certain geographic locations – namely Eastern Europe and Syria – and focuses on Western businesses.
It is understood that the groups are allowed to operate by the Russian authorities – as long as it only attacks foreign targets.
The group was first noticed in 2020 and has sought to foster a ‘Robin Hood’ image by giving some of the money from its cyber attacks to charity.
It has publicly stated that it prefers to target organisations that can afford to pay large ransoms instead of hospitals. schools, non-profit firms and governments.
The Federal Bureau of Investigation identified DarkSide as the perpetrator of the Colonial Pipeline ransomware attack, a cyberattack on May 7, 2021, that led to shutdown of the main pipeline supplying 45% of fuel to the East Coast of the United States.