The Toll Group is an Australian logistics company offering services through road, sea, and air.
The company operates a fleet of trailers, containers and trucks estimated to total around 19,000 units. The Toll Group also offers warehousing services in many countries across the globe.
The cyber attack against this logistics giant in 2020 was its second ransomware attack.
Ransomware Attack
The ransomware, however, was a different variant from the first. This new variant was known as Nefilim.
The attackers were threatening the Toll Group with releasing confidential information about the company on the dark web. The attackers would take action if they were not paid the ransom within a week.
During the first attack on the Toll Group, the attackers infected 1,000 of the company’s servers with ransomware called MailTo. This malware disrupted the delivery of goods and services across Australia.
During the first incident, the company assured customers and the public that the hackers had not leaked any confidential information. However, the hackers later contradicted this, stating that they had stolen data and encrypted the database, and that they would publish the personal information on the dark web.
Business Continuity and Restoration
During the second attack, although the hackers declared that they had downloaded data and would publish it on the dark web, the company denied those allegations.
Things however got worse as on 4th May, Toll discovered some system irregularities and they had to shut down the systems to prevent further damage and infection.
It was also reported that the government advised Toll not to pay the ransom, and cybersecurity experts were part of this decision. The Toll Group MD added that they were working with the Cyber Security Centre to establish more details and to reassure customers. The company also began restoring its customer service applications, relying in the meantime on social media channels and online operations.
The company was also striving to support large enterprise services that had been disrupted abruptly. Some services, such as freight shipment and parcel deliveries that had been disrupted on the network, would continue through phone bookings handled by Toll’s contact centre. The contact details to be used for bookings were made available on Toll’s website.
The movement of essential services and items was prioritised, and employees retained access to email through Toll’s cloud-based platforms.
In addition to restoring important business activities, the Toll Group MD also drew some important lessons about the great impact of cybersecurity on all organisations. He expressed how cybercrime is a present threat to organisations of all sizes, and added that cyber threats will require businesses, the government and regulators to make joint efforts to combat and prevent the risks that come with them.
How the Nefilim Ransomware Attack Was Expected to Do Less Damage
The Toll Group insisted that the Nefilim ransomware attack would cause less damage than the first attack the company had faced.
They argued that since Toll had experienced such an attack so recently, its staff would be more prepared and more resilient: they would adopt manual processes and the recovery would be more seamless. However, the attack would still have a great effect on Toll’s reputation and damage its customers’ trust.
The situation still turned out to be devastating despite Toll’s prediction of how easy handling the situation would be. For this second attack, the systems went offline for weeks and there were also huge amounts of corporate data which were stolen in the process. Worse still, important data was also leaked to the dark web. Just imagine experiencing a terrible cyber attack in your business and as you are trying to recover, you are hit by another one.
As might be expected, after Toll experienced these two ransomware attacks the IT leadership was greatly affected and there were many reshuffles. The new CIO, King Lee, started by ensuring better internal operations as well as strong customer support. The group is still clearing up the effects of the ransomware attack to date, since customer trust was badly damaged.
According to Diana Peh, Toll’s global head of data and IT security governance, Toll is still experiencing the effects of the ransomware attack. Customers still raise concerns about a range of issues. The company is also working hard to exercise its incident response plan quarterly and is outsourcing cybersecurity expertise.
The Toll ransomware attack clearly shows the importance of not only having cybersecurity processes but ensuring they are implemented. It also shows how important it is to ensure they are well rehearsed, so as to mitigate the impact of a possible cybersecurity incident.
This incident also shows business owners that disaster can strike more than once. Having experienced the first incident, Toll thought it was well prepared in the event of a second one but it was proven otherwise. In this case, Toll learned from its disasters and the hard way.
A cybersecurity incident recovery plan that is not well rehearsed is not enough. Always ensure your business has a robust and tested plan so that it can respond better in case of an attack.
How cyber-secure is your business? Find out with our free cybersecurity health check.
It’s a 30-minute Zoom call that walks through a checklist to assess your current cybersecurity levels and provides a short report with some advice and recommendations.