Incidents

More than 1,000 servers and 5,000 computers of major transport company infected with ransomware

The last six months have been of intense activity related to ransomware and cybercriminal groups that use this variant of malware to attack their victims. The Toll Group cybersecurity area confirmed a ransomware attack that forced the shutdown, isolation and temporary disabling of a significant portion of its IT infrastructure as an incident prevention and containment measure.

According to initial reports, up to 1,000
servers operating in the logistics giant’s data center were infected. In
addition to shutting down these servers, the company advised its employees not
to turn on their computers or avoid connecting them to corporate networks until
further notice.

In its message, Toll Group mentioned that the
incident was first detected last Friday, January 31: “Critical systems
were disabled as soon as we detected the attack. In addition, a cybersecurity
firm will conduct research to understand the causes of the incident and design
the best possible prevention and management strategies.” The company also
emphasized that its operations are maintained, albeit at a slower pace than
usual.

The incident has already been reported to the relevant
authorities, so the investigation is underway. The cybersecurity community is
already waiting for the disclosure of more details related to the attack.
Although Toll Group’s statement states that this was an attack specifically
targeted at one of the company’s officials, the position of the target employee
of the attack was not specified.

So far there is no known evidence of loss of
sensitive information, although it is mentioned that Toll Group will reset all
potentially compromised access credentials, among other actions to clean up
your IT environment: “This is a situation unfortunate, but we’ll make sure
this doesn’t happen again,” a company representative said.

According to the International Institute of Cyber
Security (IICS), more than a thousand companies suffered ransomware attacks
during the second half of 2019 in the United States alone. The main causes
remain poor security filters and the poor cybersecurity culture of employees in
target companies.

To Top

Pin It on Pinterest

Share This