Hackers post third batch of files from Toll malware attack

Cyber criminals have posted online a third batch of documents stolen from logistics giant Toll Group in May.

Cliona O’Dowd

less than 2 min read

11:29PMJuly 05, 2020

Hackers who accessed logistics giant Toll Group’s corporate server files in May have released a third batch of documents stolen in the attack.

Financial documents and tax invoices are among the latest data posted on to the dark web, after the cyber criminals released portions of the stolen files in May and June once Toll refused to pay a ransom.

The Nefilim malware that gained access to Toll’s servers in May was the second ransomware attack the group has suffered this year, after it fell victim to a mailto attack in January.

Alongside the latest data dump, the cyber criminals claimed they had stolen more than 200GB of private data from its servers and that the company had failed to secure its network after the earlier malware attack.

Once the company realised it was under attack in May, it disabled its systems and implemented heightened security. It also launched an investigation into the incident, a Toll spokesperson told The Australian.

“As part of our ongoing investigations, we subsequently established that the ransomware attackers had accessed a Toll corporate server and extracted a small portion of files. We refused from the outset to engage with ransom demands.

“We’re aware that certain information has been published to the dark web. We’re investigating the precise nature of the information, with the support of our cyber security partners. We continue to work closely with relevant federal authorities on the matter,” the spokesperson said on Sunday evening.

Following the attack the logistics giant put in place measures to further strengthen the security of its IT systems.

“Toll condemns in the strongest possible terms the actions of the cyber criminals, and we continue to work closely with the relevant authorities to investigate and remediate the issue,” the spokesperson said.

The January mailto cyber attack delayed deliveries and forced customer systems offline until early March, hitting the company’s bottom line, but any cost fallout from the most recent breach will be reflected in its 2021 accounts, with its financial year running from April to March.

A “harsh external business environment” weighed on the group over the year, it said, as it handed down its full-year result in May, with volumes declining on the back of a slowing Australian economy, the coronavirus pandemic, and US-China trade tensions.