Mailto Ransomware Hits Toll Group, Deliveries Across Australia Affected

Toll Group, Australia’s logistics giant, was targeted by a cybersecurity incident that compromised around 1,000 systems affecting local and global deliveries across the country. As per the findings of the experts from the Australian Cyber Security Center (ACSC), the logistics company’s computer and network infrastructure was hit by the Mailto ransomware attack.

The report of Toll Group being affected by ransomware first surfaced when the company issued a press release on its website and Twitter handle, officially informing its users about the incident.

How Mailto Ransomware Affected Toll Group Australia

On January 31, post the attack discovery, Toll promptly shut down several systems across multiple sites and business units in Australia to contain the spread of the cyberattack. According to a report in iTnews, more than 1,000 servers (computers) were affected by the large scale Mailto ransomware attack. Thus, the incident resulted in Toll reverting to manual processes for clearing the backlog of undelivered local and international parcels across Australia. It continued to function its regular pickup, process and dispatch services but at a slow pace due to manual processing.

Giving updates on the current situation, Toll said, “There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems. We continue to monitor this as we work through a detailed investigation. Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels. We have also increased staffing at our contact centers to assist with customer service.”

Toll also involved experts from various cybersecurity organizations, including the ACSC, for analyzing the impact and reach of the Mailto ransomware attack. These findings were further shared with other law enforcement departments and cybersecurity organizations to prevent future damages from a similar variant of Mailto ransomware.

Steps to Defend Against a Ransomware Attack: Australian Government

With a view to the increased number of Mailto and other forms of ransomware attacks targeted towards businesses in Australia, the government agency has released the following precautionary measures:

• Keep your anti-virus software and other security tools installed on the systems updated for detection and prevention of the spread of Mailto ransomware.
• Patch the servers regularly to restrict the lateral movement of ransomware attacks within a network and limit the number of hosts impacted post successful infection.
• Maintain offline backups (eg. cloud backup) of critical data which allows faster recovery in case of a ransomware attack.
• Apply content filters on email inboxes to prevent malicious content from reaching users and thus reducing the chance of a possible compromise.
• Use network segmentation to partition the larger networks into smaller sections for segregating communications between specific hosts and services.
• Draft an incidence response plan for quick response in the event of a ransomware attack.
• Educate your employees and users to improve cybersecurity awareness and make them cyber ready.