Toll Group

In January 2020, Toll Group, a Melbourne-based logistics company, fell victim to a **ransomware attack** orchestrated by the hacker group **Nefilim**. The attackers deployed **Mailto ransomware**, encrypting and exfiltrating **220 GB of data** from a corporate server. The compromised data included sensitive information about **current and former employees**, such as personal and employment records. The primary motive was **financial extortion**, with hackers demanding a ransom in exchange for decryption keys and to prevent public exposure of the stolen data. Toll Group **refused to negotiate or pay the ransom**, opting instead to restore systems from backups and implement enhanced cybersecurity measures. The incident disrupted internal operations, raised concerns over employee data privacy, and highlighted vulnerabilities in the company’s IT infrastructure. While no customer data was reported as breached, the attack underscored the growing threat of **targeted ransomware campaigns** against large enterprises, particularly in the logistics and supply chain sectors.

Source: https://splash247.com/toll-group-shuts-down-several-systems-after-suspected-cyber-attack/

TPRM report: https://www.rankiteo.com/company/tollgroup

"id": "tol336092125",
"linkid": "tollgroup",
"type": "Ransomware",
"date": "1/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'logistics',
                        'location': 'Melbourne, Australia',
                        'name': 'Toll Group',
                        'type': 'logistics/transportation'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': '220 GB',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': ['employee records (past and '
                                              'present)']},
 'date_detected': '2020-01',
 'description': 'In January 2020, Melbourne (Australia) based Toll Group '
                'experienced a ransomware attack on their corporate server by '
                'the hack group Nefilim. The hackers used Mailto ransomware to '
                'encrypt the stolen data and decode the files so that they are '
                'useless. The goal of the hackers was clearly financial gain. '
                'Investigations show that a total of 220 Gigabytes of data was '
                'stolen from one specific server. The data contains '
                'information about past- and present Toll Group employees. The '
                "firm refused to 'settle' with the group.",
 'impact': {'data_compromised': '220 GB (employee data: past and present)',
            'identity_theft_risk': 'high (employee PII exposed)',
            'systems_affected': ['corporate server']},
 'initial_access_broker': {'high_value_targets': ['corporate server']},
 'motivation': 'financial gain',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': ['Mailto', 'Nefilim']},
 'threat_actor': 'Nefilim',
 'title': 'Toll Group Ransomware Attack (January 2020)',
 'type': 'ransomware'}