A ransomware attack has crippled the operations of
Australian transportation firm Toll, affecting more than 1,000 servers were
affected, according to inside sources cited by itnews.
After the attack on January 31, the company immediately
began to disconnect parts of the infrastructure to stop it from spreading.
While the company didn’t go into details, inside sources said that more than 1,000
servers were infected, and employees around the world have been told to keep
their systems shut down.
“As part of the roll-out of business continuity measures
in response to the recent cyber-attack, many of our customers are now able to
access our services across large parts of the network globally including
freight, parcels, warehousing and logistics, and forwarding operations,” said
the company in an update
on the situation.
“Based on a combination of automated and manual processes
instituted in place of the affected IT systems, freight volumes are returning
to usual levels. We have also increased staffing at our contact centers to
assist with customer service.”
The attack was carried out using Mailto, according to
researchers from the Australian Cyber Security Centre. It’s not as well-known
as Ryuk or Maze, but it was still enough to bring down a large company. Toll
refused to pay the ransom, and, with the help of the authorities and its own
security teams, to bring the systems back online.
Some customers experienced problems, but the quick
response and backup systems apparently allowed the company to continue
providing services, albeit in a reduced manner.
It’s difficult to say how long it will take to get
everything back up and running, but it’s important to know that the effects of
a ransomware attack are felt even after the infrastructure is back at 100%.
Now, the company has to beef up its security and ensure it doesn’t happen
again.