Toll Group responding to ransomware attack


By Dylan Bushell-Embling
Thursday, 06 February, 2020



Toll Group responding to ransomware attack

Australian transport and logistics giant Toll Group has suffered a ransomware attack resulting in delays and disruption to deliveries across Australia.

Following the attack on Friday, Toll deliberately shut down a number of systems across multiple sites and business units to contain the ransomware.

The ransomware Toll was attacked with is a new variant of the Mailto ransomware which first appeared around September last year.

Mailto, also known as Netwalker, is design to lock infected files into an unusable mailto format. The Toll attack marks the first known case of the ransomware being used on enterprise-level systems.

Following the attack, the company was forced to temporarily disable its online booking platform, reverting to phone booking. Some of the company's processing centres were also forced to operate pick up, processing and dispatch at reduced speeds.

As of the most recent update issued by the company early Wednesday afternoon, freight volumes were starting to return to usual levels, but a number of IT systems remained offline.

Toll said its IT teams have so far seen no evidence that any personal data was lost in the ransomware attack.

“We apologise for the disruption that some of our customers are experiencing. We’re working with relevant authorities and have referred the matter to the appropriate bodies for criminal investigation,” the company said.

“In the meantime, we’ll continue to work to our current processes in order to meet the needs of our customers.”

WatchGuard Technologies CTO Corey Nachreiner said the Toll Group attack is very similar to a number of targeted ransomware attacks aimed at companies that rely on technology to deliver time-sensitive, critical services or products.

“By strategically targeting industries that cannot operate well with any downtime, these criminals maximise the odds that their victims will pay the ransom to recover their services.   Healthcare organisations, state and local government, industrial control systems and now shipping companies represent ripe targets for these focused ransomware campaigns,” he said.

“In many cases, the ransomware used in these types of attacks is effective, but not particularly unusual compared to other variants. Proactive, advanced malware prevention solutions that use machine learning or behavioral analysis to catch new threats often detect and block these samples if delivered through the security service.”

Proofpoint Australia country manager Crispin Kerr has meanwhile advised Toll customers to be wary of attempts by cybercriminals to use the publicity generated from the attack to mount their own attack campaigns.

“Cybercriminals often impersonate brands immediately after a cyber security incident and distribute phishing attempts to try and capitalise on the event. They know customers are expecting to hear from the impacted brand and they will frequently try and take advantage of the situation by pretending to offer official advice,” he explained.

“We recommend contacting the Toll Group directly for support and be sure to avoid clicking on links within unsolicited emails and text messages—especially if the request asks for your credentials or sensitive information.”

 

Related Articles

Privacy International urges Google to crack down on Android security

Privacy International has released a petition, calling on Google to help fight vulnerabilities in...

Microsoft patches serious PKI vulnerability

Microsoft has patched a PKI spoofing vulnerability considered so severe that the US NSA took the...

Best of 2019: Email providers' phishing nets have "big holes"

Across the festive season we'll be reprising some of our best articles from 2019. Today we...


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd