Following the revelation that the Toll Group, an Australian transportation company with a global reach, was compromised with ransomware a second time in less than six months, new information has come to light. Hackers stole massive amounts of data, in addition to locking systems with ransomware.
The initial attack took place on Jan. 31, and the company needed a few months to restore operations fully. News of the second attack came May 12, and the Toll Group confirmed it had fallen victim to ransomware known as Nefilim.
As with the initial attack, the company refused to deal with the hackers or pay any kind of ransom, following the recommendations of law enforcement and cybersecurity specialists. But the second attack was different: the attackers appear to have spent a good deal of time in the infrastructure, exfiltrating data.
“Following our announcement last week that a ransomware attacker had stolen data contained on at least one Toll corporate server, our ongoing investigation has established that the attacker has now published to the dark web some of the information that was stolen from that server,” said the company on its blog.
“As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published. As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support.”
According to a report on Data Breach Today, some of the stolen data was published on the dark web, showing that the attackers are serious about their intentions. A total of 220GB was stolen, including financial reports, invoices, and much more.
For now, it’s unclear how the Toll Group will choose to continue, but this appears to be a bigger problem than the January attack, and there is no clear end in sight.