Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on February 11, 2020

Transport company Toll Group are continuing to try to get back to normal operations after a massive cyber-attack on the company’s IT systems.

Toll became aware of an issue on the 31st of January and moved to disable the impacted systems to stop the spread of the cyber attack.

The incident has been identified as a new variant of a current ransomware attack called ‘mailto’ and is believed to have infected as many as 1000 servers, including the company’s Active Directory.

“The ransomware that has affected Toll is a new variant of the Mailto ransomware,” the company said in an update Wednesday.

“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected.”

Toll are still recovering from this incident, with the company reporting yesterday: “We are progressing with thorough testing and validation of our IT systems, in collaboration with key customers, with a view to restoring our systems as soon as it is deemed safe and secure for anyone who engages with Toll’s IT network including customers, employees, suppliers and vendors.”

At this stage the company does not believe that any customer data has been compromised but has begun a detailed investigation into the incident.

"We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre (ACSC), and cyber security organisations to ensure the wider community is protected," it said.

The ACSC has issued a public warning and has recommended organisations "update antivirus and other security tools".

"There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user's address book to spread the malware," it said.

While we don’t know officially how the ransomware was able to breach the Toll systems, ransomware usually arrives through phishing: attackers send fake emails to an employee and use social engineering to trick them into providing details such as passwords.

The fact that Toll is still recovering from an attack that happened over 3 weeks ago is a sobering reminder of the impacts that cyber security attacks can have on a business, small or large.

We encourage all of our clients and readers to make sure you are protected from phishing attempts by regularly testing and training your staff so they know what to look out for and what not to click.
