Transport company Toll with 45,000 employees suffers another ransomware attack in three months. It uses Checkpoint and Cisco security devices

Toll Group, a major logistics and transportation company, has been the victim of a second ransomware attack for the second time in less than three months. The company, headquartered in Australia, has a capital of about $8.7 billion and has more than 45,000 employees.

Through a statement released yesterday afternoon, the company notified its customers of the decision to “close some IT systems after detecting unusual activity on some of our servers”.

Toll Group’s announcement continues: “As a result of investigations conducted so far, we can confirm that this activity is the result of a ransomware attack. Working with computer security experts, we have identified that the variant is a relatively new form of ransomware known as Nefilim.” According to some recently revealed reports, the Netfilim ransomware was first identified in March, when researcher Vitali Kremez was analyzing a recent attack. 

Regarding the first ransomware incident reported by Toll Group, it is mentioned that the company was infected sometime in the early days of February 2020. On that occasion, the IT team also decided to isolate and disable some systems as a method of mitigating the attack.

As a result of the attack, some shipments scheduled by corporate and individual customers were delayed. Because the Australian Postal Service also works as a Toll customer, conventional mail deliveries were also affected. The delays were a serious inconvenience for millions of Australians, especially due to the wildfires that ravaged Australia in February.

Toll has not revealed the real impact on their systems that these incidents have had. However, they mention: “We have been in contact from the beginning with several customers affected by the problem and continue to work with them to minimize any disruption.”

The company also mentioned that this attack is unlikely to be linked in any way to the previous infection; In addition, they claim that no evidence has been found to suggest that the attackers were able to extract confidential information from their systems. Finally, a source confirmed that Toll Group will not pay any ransom, following the recommendations of the cybersecurity community, so their systems will be reset using the company’s security backups.

It is expected that completing the recovery process will take about a week.

Ransomware attacks have become a common threat, although it is important to mention that they can be prevented. While Toll could overcome these attacks without major mishaps, cybersecurity experts believe that hackers infected the company very easily, so their security processes will need to improve significantly.