(Updated May 13, 12:20 A.M ET, with comment from Toll)
Australian logistics and freight transport powerhouse Toll Group announced on Tuesday that cybercriminals using ransomware known as “Nefilim” attacked its systems last week.
A corporate server containing information on current and former Toll employees and customers was infiltrated.
The Melbourne-based company said it shut down its information technology systems to mitigate the risk of further infection and has not given in to demands to pay a ransom in exchange for being allowed access to its data again. Toll noted that the server is not a database for customers’ operational data.
Toll, ranked among the top 20 third-party logistics providers in the world by gross revenue, said it is still investigating what specific data the attackers downloaded. It said the unidentified attacker is known to publish stolen data on the so-called dark web rather than conventional online platforms.
It is the second time this year hackers have targeted Toll Group. On Feb. 1, the company notified the public it may have been the target of a cyberattack and that it had shut down its systems as a precaution.
Ransomware is a virus that locks a hard drive, rendering it inaccessible to the user, until a ransom is paid, generally in a cryptocurrency not tied to any regulated banks. Like all forms of cyberattacks, it is becoming an increasing problem in the freight and logistics sectors. Since last summer, ransomware outages have hit Truckstop.com, less-than-truckload carrier A. Duie Pyle and other companies. Container shipping giant Mediterranean Shipping Co. was the apparent victim of a cyberattack earlier this year. And in 2017, the biggest shipping line in the world, A.P. Moller-Maersk Group, was crippled by a cyberattack.
The Netfilim ransomware variant is a relatively new and sophisticated form of malware and is unrelated to the previous attack, a Toll Group spokesperson said.
Law enforcement agencies recommend against paying ransoms because there is no guarantee companies will get their data back.
Toll is working with the Australian Cyber Security Centre and the Australian Federal Police on the investigation.
“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologize unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it,” Managing Director Thomas Knudsen said in a statement.
Toll said it expects that it will take a number of weeks to determine more details and has begun contacting people believed to have been impacted. It is also providing individuals with online security monitoring tools.
Cybercrime poses “an existential threat for organizations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combating the very real risk it presents to the wider community,” Knudsen said.
Toll Group has a large U.S. division that offers multimodal international and domestic freight transportation and warehousing services.
(Correction: A. Duie Pyle’s name was misspelled in an earlier version of this story.)
