Toll Group’s shipping and land operations have once again been the target of a cyber attack – the second this year.
The Japan Post Co., Ltd.-owned logistics company shut down its computers and IT systems this week, after detecting unusual activity on some of its servers.
Unlike the first attack, which took place on 31 January and was carried out by Russia-based hackers using ‘Netwalker’, a variant of Mailto ransomware, the latest attackers are using ‘Nefilim’, another ransomware variant.
Toll declined to reveal where the attack has come from.
“[It’s] a relatively new and sophisticated form of malware,” a Toll spokesperson told SAS. “Since the previous attack, Toll has taken a number of proactive measures including password resets, multi-factor authentication, and heightened monitoring in our Security Operations Centre. We are working with the Australian Cyber Security Centre and the Australian Federal Police.”
Investigations found the hacker had accessed at least one specific corporate server with information on Toll employees, commercial agreements, and some customers.
“At this stage, we have determined that the attacker has downloaded some data,” the company statement posted on 12 May read. “The attacker is known to publish stolen data to the ‘dark web’.”
The company said its staff were using personal computers for operations until the breach was secured.
“Toll was the victim of an unscrupulous act,” said Thomas Knudsen, managing director of Toll Group. “This is a serious and regrettable situation and we apologise unreservedly to those affected.”
As with the previous incident, Toll is refusing to pay any ransom for the stolen data. The full impact of the cyber breach is yet to be seen; however, industry insiders said emails were bouncing.
“We’ve yet to see if there are going to be the same problems with container pickups and drop offs as last time. It was chaos,” said a Toll spokesperson.
As with the first attack, tracking cargo is predicted to become chaotic. Some containers are likely to be lost on the wharves while the system is down. However, cyber security experts predict the outage will not be as long-lasting as the first time, now that the company has upgraded its IT systems.
The ransom attack comes amid reports that Japan Post, which bought out Toll in 2015, was looking for buyers.