Links

• Toll Group shuts IT systems after 'cyber security incident’
• Toll Group tight-lipped on alleged ransomware attack
• Toll Group hit by "new variant" of Mailto ransomware
• Toll Group confirms "targeted" ransomware attack

Who

Toll Group

What

Ransomware

How

The ‘how’ regarding this attack is unclear, as the ransomware used is relatively new, with early sightings appearing in October 2019. The ransomware infected 1000 servers world-wide.

Response

Upon discovery of the breach, Toll shut down IT systems to begin investigating. Staff around the world were told to leave devices switched off and disconnected from the corporate network. Toll began the process of manually cleaning servers to bring them back online. Toll did not address points presented to them by several media representatives, nor did their outsourced IT service provider Infosys. Toll did not pay the ransom requested.

Consequence

• Customer-facing applications, systems, and business units impacted over several months. This resulted in significant reputational damage.
• Delivery receipts were being recorded manually instead of electronically
• 200GB of corporate data lost
• Automated delivery switched to manual operation
• Toll Group’s largest clients made new commercial arrangements with rival businesses
• Similar breaches, such as the 2017 FedEx attack cost roughly $300 million to clean up

Analysis

Organisations need to consider a layered approach to mitigate cyber risks, including controls to defend attacks as they happen. Secure practices such as authentication and other multi-factor solutions are a must to prevent unauthorised access to privileged user credentials.