
Australian Transport Company Hit with Ransomware Months after previous attack

TempestCatto
Quote

Toll, a large Australian transportation company, was hit with a new ransomware attack, only three months after a previous incident. This time, the malware is named Nefilim, and attackers also stole data from the affected servers.

Big oof. Did they not secure their shit from last time?

 

Quote

“Our ongoing investigations have established that the attacker has accessed at least one specific corporate server,” said Toll in a communique. “This server contains information relating to some past and present Toll employees, and details of commercial agreements with some of our current and former enterprise customers. The server in question is not designed as a repository for customer operational data.”

It's not clear what exact data was stolen (as far as what could be used to identify someone) but it looks like no customer data was at risk.

 

Quote

The company is already in the process of contacting the people and companies affected by the breach, and they’ve already announced that they have no intention of paying the ransom, which is in line with the standing recommendations in such situations. Toll also notified the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) of the incident.

Glad they're not paying up, but makes you wonder if all that data is truly lost or if they can recover it.

 

 

Ketchup Packet: https://hotforsecurity.bitdefender.com/blog/australian-transport-company-hit-with-nefilim-ransomware-months-after-a-maito-ransomware-attack-23242.html?cid=soc|c|fb|H4S&fbclid=IwAR34qMYbE4ROsKz50DIdEMhx_-atHFq0mAPgUVIE5rF6j6RzOwbEl0CjbV8

 

 

This news post is brought to you by Honey. Honey is the free browser extension that saved thousands for shoppers everywhere, from Walmart to Amazon, Honey can save you money. Go to https://www.joinhoney.com/linus to start saving today!


So either they made backup arrangements that work well enough to not have to even consider paying the ransomware, or they were lucky to have only had a minor breach.

 

Either way, glad they are not paying; if all companies and individuals did this we wouldn't have ransomware.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


40 minutes ago, TempestCatto said:

Big oof. Did they not secure their shit from last time?

My guess is due to the catastrophic failure of their systems, the primary objective was to get back online ASAP so TOLL stops bleeding money. From memory this took 3 weeks to a month. To get hit again 2 months after recovering makes me think they didn't even get the chance to properly secure or fully audit their systems in that timeframe, let alone act on a plan to amp up security, especially due to the increased demand on all courier services in light of covid-19.
