kelfair jarmarra ollyve
Hebe Newnam
Toll Group shuts down some online systems after ransomware attack
Australian logistics giant Toll Group has been hit by a ransomware attack that forced it to suspend some of its IT systems and disrupt its delivery services. The company said it was targeted by a new variant of ransomware called Nefilim, which encrypts files and threatens to publish them if a ransom is not paid.
This is the second time in three months that Toll Group has been affected by a cyberattack. In February, the company suffered a Mailto ransomware infection that infected 1000 of its servers and took down its online booking and tracking platform MyToll. The company said it did not pay any ransom and restored its systems from backups.
Toll Group said it detected the latest attack on May 5 and immediately isolated the affected systems to contain the spread of the malware. It also notified the Australian Cyber Security Centre (ACSC) and engaged external security experts to investigate the incident.
The company said it has no intention of engaging with the ransom demands and there is no evidence at this stage to suggest that any data has been extracted from its network. However, according to iTnews, Toll Group may have lost over 200GB of data in the ransomware attack, as the hackers claimed to have exfiltrated and published some files on a dark web site.
The ransomware attack has impacted some of Toll Group's customers and services, as the company had to resort to manual processes and contingency plans. The company said it is working to restore its key online systems as soon as possible, but some of them may remain offline for at least the remainder of this week.
Toll Group is one of the largest logistics providers in Australia and operates in over 50 countries. The company handles millions of parcels and freight shipments every year and serves customers across various industries, including retail, mining, healthcare and government.
The ransomware attack on Toll Group highlights the growing threat of cyberattacks on critical infrastructure and essential services. Ransomware is a type of malware that locks files or systems and demands payment for their release. According to a report by Emsisoft, ransomware attacks cost businesses at least $11.5 billion in 2019.
How to Prevent Ransomware Attacks
Ransomware attacks can cause significant financial and reputational damage to organizations and individuals. Therefore, it is important to take preventive measures to reduce the risk of becoming a victim of ransomware. Here are some best practices to prevent ransomware attacks:
- Never click on unverified links or open suspicious attachments in emails or social media messages. These are common ways for hackers to spread ransomware and other malware. If you are not sure about the source or legitimacy of a link or attachment, do not open it.
- Use security software and keep it updated. Security software can help detect and block ransomware and other threats before they infect your system. Make sure you have a reputable antivirus and anti-malware program installed on your devices and update it regularly.
- Use a firewall and VPN. A firewall can help protect your network from unauthorized access and malicious traffic. A VPN can encrypt your online activity and prevent hackers from intercepting your data or injecting malware into your connection.
- Backup your data regularly. Having a backup of your important files can help you recover them in case of a ransomware attack. You should store your backups in a separate location or device, preferably offline or in the cloud, and test them periodically.
- Educate yourself and your employees. Raising security awareness is crucial for preventing ransomware attacks. You should learn about the latest ransomware trends and tactics, and how to recognize and avoid phishing emails and malicious websites. You should also train your employees on how to follow security policies and procedures, and how to report any suspicious activity or incident.
How to Recover from Ransomware Attacks
If you are unfortunate enough to suffer a ransomware attack, you should not panic or pay the ransom. Paying the ransom does not guarantee that you will get your data back or that the hackers will not attack you again. Instead, you should follow these steps to recover from a ransomware attack:
- Disconnect your device from the network and the internet. This can help prevent the ransomware from spreading to other devices or systems, or communicating with the hackers' servers.
- Contact law enforcement and report the incident. You should notify the authorities about the ransomware attack as soon as possible, as they may be able to provide assistance or guidance on how to deal with it.
- Identify the type of ransomware and look for a decryption tool. You may be able to find out what kind of ransomware has infected your device by looking at the ransom note or searching online for similar cases. Some ransomware variants have been cracked by security researchers or law enforcement agencies, and there may be free decryption tools available online that can help you recover your data.
- Restore your data from backups. If you have a backup of your data, you can use it to restore your files after removing the ransomware from your device. You should scan your device with security software before restoring your data, to make sure it is clean and safe.
- Review and improve your security posture. After recovering from a ransomware attack, you should review your security practices and policies, and implement any necessary improvements or changes. You should also update your security software, patch your systems, change your passwords, and educate yourself and your employees on how to prevent future attacks.