Toll Group still recovering from ransomware attack


By Dylan Bushell-Embling
Wednesday, 13 May, 2020


Australian logistics company Toll Group has been forced to shut down some core IT systems after falling victim to a ransomware attack for a second time this year.

The attack on 5 May has been confirmed to involve the new Nefilim ransomware, part of a new wave of “double extortion” ransomware attacks in which data is both encrypted and sent to the attackers, who threaten to publish it online if the victim does not pay the ransom.

Toll Group has announced that it had securely reactivated its core IT systems as of 7 May, but that a number of customer-facing applications remained offline as of 11 May. The restoration work is expected to continue throughout this week.

The attack has caused delays in some parts of the network, but Toll has switched to taking bookings over the phone via its call centres, and freight shipments and parcel deliveries are moving “by and large” as normal.

Meanwhile, Toll has revealed it has no intention of paying any ransom, and despite Nefilim’s typical methodology, the company has no evidence to date that any data was exfiltrated from its network.

“We continue to prioritise the movement of essential items including medical and healthcare supplies,” Toll Group’s latest update states. “Email access has been restored for Toll employees who operate on our cloud-based platforms.”

Toll Group added that it is continuing to support its large enterprise customers whose services are affected by the disruption to Toll’s online operations.

The company is working with the Australian Cyber Security Centre (ACSC) to investigate and resolve the incident.

The Nefilim ransomware is commonly distributed through exposed remote desktop protocol (RDP) ports, and uses AES-128 to encrypt a victim’s files.

Toll Group was forced to pull its systems offline in January after falling victim to a major ransomware attack involving the Mailto ransomware.

While at the time ACSC said there was no evidence the attack was part of a broader campaign, rival Henning Harders also suffered a ransomware attack in March.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd