In 2020, global logistics provider Toll Group was targeted by the Nefilim ransomware operation, resulting in a complete network breach. Attackers gained unauthorized access to corporate systems, exfiltrated sensitive operational and financial data, and deployed AES-128 encryption across critical servers and workstations, appending the ".NEFILIM" extension to affected files. The disruption forced Toll Group to halt certain shipping and freight operations temporarily, incurring significant revenue losses and logistical delays. Stolen data included client manifests, internal financial reports, and employee records, which the attackers threatened to publish on dark-web leak sites unless a bitcoin ransom was paid. Although Toll Group engaged cybersecurity experts to isolate infected segments, restore backups, and negotiate with the threat actors, remediation costs—including incident response, system recovery, legal fees, and potential regulatory fines—exceeded tens of millions of dollars. The breach also damaged the company’s reputation, prompting customers to seek alternative logistics partners amid concerns over data confidentiality and service resilience.
TPRM report: https://scoringcyber.rankiteo.com/company/jobs
"id": "job001050225",
"linkid": "jobs",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Logistics',
'location': 'Global',
'name': 'Toll Group',
'type': 'Logistics provider'}],
'attack_vector': 'Unauthorized access to corporate systems',
'data_breach': {'data_encryption': 'AES-128',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Operational data',
'Financial data',
'Employee records']},
'date_detected': '2020',
'impact': {'brand_reputation_impact': 'Damaged',
'data_compromised': ['Client manifests',
'Internal financial reports',
'Employee records'],
'downtime': 'Temporary halt of shipping and freight operations',
'financial_loss': 'Tens of millions of dollars',
'operational_impact': 'Significant logistical delays',
'revenue_loss': 'Significant',
'systems_affected': ['Critical servers', 'Workstations']},
'initial_access_broker': {'data_sold_on_dark_web': 'Threatened'},
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'AES-128',
'data_exfiltration': 'Yes',
'ransom_demanded': 'Bitcoin ransom',
'ransomware_strain': 'Nefilim'},
'response': {'containment_measures': 'Isolate infected segments',
'remediation_measures': 'Restore backups',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'Nefilim ransomware operation',
'title': 'Toll Group Ransomware Attack',
'type': 'Ransomware'}