Just months after suffering a crippling ransomware attack, transport company Toll have been hit again with another ransomware attack called Nefilim.
Toll reported yesterday that there had been unusual activity on a number of servers that had resulted in a shutdown of it’s IT systems.
“As a result of investigations undertaken so far, we can confirm that this activity is the result of a ransomware attack,” Toll reported in an advisory on Tuesday.
“Working with IT security experts, we have identified the variant to be a relatively new form of ransomware known as Nefilim"
“This is unrelated to the ransomware incident we experienced earlier this year.”
“Nefilim became active at the end of February 2020 and while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services,” the report stated.
Toll were left blindsided in late January when the Mailto ransomware was used by attackers to take out a large section of their infrastructure. Toll refused to pay the ransom amount and again have declared they will not pay this recent demand.
“Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network"
“We are in regular contact with the Australian Cyber Security Centre (ACSC) on the progress of the incident.”
Toll will continue to operate through manual processes until they can recover their IT systems.
We encourage all of our clients and readers to make sure you are protected from phishing attempts by regularly testing and training your staff so they know what to look out for and what not to click.