18 days after the Australian transportation firm Toll was
crippled by ransomware, the company is still suffering problems, and the attack
continues to impact its customers. It shows that the cost of ransomware is often
much higher than the ransom requested by the attackers.
Some companies choose not to pay the hackers or even
communicate with them, and this is precisely what Toll has been doing. While
this method might not discourage further attacks, it does send a message that
organizations should resist. In fact, Australia’s Computer Emergency Response
Team (CERT) recommends that people or companies not pay the ransom.
Following the attack, Toll started the difficult work of
restoring the systems, but the bigger the company, the more complex the
infrastructure. The company’s clients were the first impacted, and an AFR
report says that Officeworks, Unilever, Adidas, and Nike are among organizations
affected.
“We now have many of our customers back online and
operating essentially as normal, including through large parts of our global
cargo forwarding network and across our logistics warehouse operations around
the world,” said
a Toll spokesperson for NZME.
“For all of that, we know that some of our customers
continue to be affected. We’re working with them and we’re doing everything in
our power to get them moving as a matter of priority and, importantly, when
it’s safe to do so.”
Toll has yet to provide a timeline for the restoration of
services, and it’s not difficult to see why.
On January 31, Toll experienced
one of the largest ransomware attacks in Australia, which impacted the
organization at a global level. Some reports mentioned that a variation of
Mailto was responsible for the infection, but there’s no official word yet.