Toll, a large Australian transportation company, was hit
with a new ransomware attack, only three months after a previous incident. This
time, the malware is named Nefilim, and attackers also stole data from the
The first attack, which crippled the transportation company, took place on January 31. It took the firm months to fully recover from that event, and it now faces yet another ransomware attack, this time of a different nature.
While the first attack, which used the Mailto ransomware, directly affected
the company's entire infrastructure on a global level, the second attack was more
insidious, likely because the company took better security measures.
Toll revealed that hackers gained access to one of their
servers, stole some data, and deployed the Nefilim ransomware. The affected
systems are slowly being brought back online.
“Our ongoing investigations have established that the
attacker has accessed at least one specific corporate server,” said Toll in a communique.
“This server contains information relating to some past and present Toll
employees, and details of commercial agreements with some of our current and
former enterprise customers. The server in question is not designed as a
repository for customer operational data.”
The investigation revealed that the attacker downloaded
some data from the server, but it has yet to be determined precisely what was stolen.
The likely destination of the data is the “dark web” if it is ever put up for
The company is already in the process of contacting the
people and companies affected by the breach, and they’ve already announced that
they have no intention of paying the ransom, which is in line with the standing
recommendations in such situations. Toll also notified the Australian Cyber
Security Centre (ACSC) and the Australian Federal Police (AFP) of the incident.