A ransomware attack has crippled the operations of Australian transportation firm Toll, affecting more than 1,000 servers, according to inside sources cited by itnews.
After the attack on January 31, the company immediately began to disconnect parts of the infrastructure to stop it from spreading. While the company didn’t go into details, inside sources said that more than 1,000 servers were infected, and employees around the world have been told to keep their systems shut down.
“As part of the roll-out of business continuity measures in response to the recent cyber-attack, many of our customers are now able to access our services across large parts of the network globally including freight, parcels, warehousing and logistics, and forwarding operations,” said the company in an update on the situation.
“Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels. We have also increased staffing at our contact centers to assist with customer service.”
The attack was carried out using Mailto, according to researchers from the Australian Cyber Security Centre. It’s not as well-known as Ryuk or Maze, but it was still enough to bring down a large company. Toll refused to pay the ransom, and, with the help of the authorities and its own security teams, to bring the systems back online.
Some customers experienced problems, but the quick response and backup systems apparently allowed the company to continue providing services, albeit in a reduced manner.
It’s difficult to say how long it will take to get everything back up and running, but it’s important to know that the effects of a ransomware attack are felt even after the infrastructure is back at 100%. Now, the company has to beef up its security and ensure it doesn’t happen again.