Agilient Security Consultants Australia

Toll Crippled By Cyberattack

Two weeks ago, Australian logistics company Toll fell victim to a targeted cyberattack that brought transport operations to a standstill. The ransomware infection forced Toll to shut down a significant portion of their critical IT infrastructure – as many as a thousand servers – to prevent further spread of the malware.

The ransomware in question is known as “Mailto” or “Kokoklock”. Like most ransomware, Mailto encrypts as many files as it can on a system, making them unusable, then prompts the user to follow instructions if they wish to access the files again. This process usually involves paying a ransom to the attacker, typically in the form of cryptocurrency or a digital funds transfer to a foreign bank account. Once the ransom is paid, the attacker may choose to honour the agreement and give the victim the key to decrypt the files. There is also a chance that the attacker does not keep their word and instead disappears with the funds and the decryption key, leaving the victim penniless and without access to critical files, particularly if no backups exist.

Following the infection and the forced shutdown of servers, many of Toll’s logistics operations came to a halt, causing significant frustration among customers. The company issued a statement on Friday 31st January saying that it was suffering the effects of a “cyber security incident”. Tracking and pickup systems were offline during this period. Toll later issued statements that it had begun working to restore services. Many customers had deliveries missed or delayed, and had no access to online tracking to find their shipment’s location.

Toll assured customers that no personal data had been lost as a result of the attack, and that continual monitoring of data will be carried out into the near future. It has not been made public what defensive measures were in place to protect against a ransomware attack, though the successful restoration of services in the last week makes it apparent that systems were restored from backups.

According to Corey Nachreiner, Chief Technology Officer at WatchGuard Technologies, given the targeted nature of this attack it is likely that the attackers used several other techniques to gain access to private systems and networks using stolen user credentials in order to bypass security controls to install and spread the ransomware.

Businesses in Australia are at greater risk than ever of falling victim to a severe ransomware attack. Strong user authentication practices such as multi-factor authentication, together with a strong password policy and security culture, are critical to defending against such ransomware attacks, especially those that are targeted. In addition, in the event of a ransomware attack, a strong and regularly tested backup solution is one of the very few ways that files can be recovered without paying the ransom.

Organisations that rely on IT infrastructure for everyday business are most at risk, and Agilient’s expert consultants can help your organisation defend itself from today’s constant ransomware attacks. Every organisation is at risk, no matter the size. In fact, smaller businesses are most at risk of significant financial downfall in the event of a cyber-attack. If you’d like to know more about how we can help you protect your organisation, contact us today.

Author: Jack Schofield, Agilient Consultant

Security News cybersecurity,  infrastructure,  Kokoklock,  logistics,  Mailto,  MFA,  ransomware,  Toll,  transport

Copyright © 2021 Agilient · Level 3, 655 Pacific Highway, St Leonards, NSW 2065 · 1300 341 692