Following the revelation that the Toll Group, an Australian transportation company with a global reach, was compromised with ransomware a second time in less than six months, new information has come to light. Hackers stole massive amounts of data, in addition to locking systems with ransomware.
The initial attack took place on Jan. 31, and the company needed a few months to restore operations fully. News of the second attack came May 12, and the Toll Group confirmed it had fallen victim to ransomware known as Nefilim.
As with the initial attack, the company refused to deal with the hackers or pay any kind of ransom, following the recommendations of law enforcement and cybersecurity specialists. But the second attack was different, because the attackers appear to have spent a good deal of time in the infrastructure, exfiltrating data.
“Following our announcement last week that a ransomware attacker had stolen data contained on at least one Toll corporate server, our ongoing investigation has established that the attacker has now published to the dark web some of the information that was stolen from that server,” said the company on its blog.
“As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published. As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support.”
According to a report on Data Breach Today, some of the stolen data was published on the dark web, showing that the attackers are serious about their intentions. A total of 220GB was stolen, including financial reports, invoices, and much more.
For now, it’s unclear how the Toll Group will proceed, but the second attack appears to be a bigger problem than the January one, and there is no clear end in sight.