More than 1,000 servers and 5,000 computers of major transport company infected with ransomware

The last six months have seen intense activity from ransomware and the cybercriminal groups that use this type of malware against their victims. Toll Group's cybersecurity team confirmed a ransomware attack that forced the shutdown, isolation and temporary disabling of a significant portion of its IT infrastructure as an incident prevention and containment measure.

According to initial reports, up to 1,000 servers operating in the logistics giant’s data center were infected. In addition to shutting down these servers, the company advised its employees not to turn on their computers, or to avoid connecting them to corporate networks, until further notice.

In its message, Toll Group mentioned that the incident was first detected last Friday, January 31: “Critical systems were disabled as soon as we detected the attack. In addition, a cybersecurity firm will conduct research to understand the causes of the incident and design the best possible prevention and management strategies.” The company also emphasized that its operations continue, albeit at a slower pace than usual.

The incident has already been reported to the relevant authorities, and an investigation is underway. The cybersecurity community is waiting for more details about the attack to be disclosed. Although Toll Group’s statement says that the attack was specifically targeted at one of the company’s officials, the position of the targeted employee was not specified.

So far there is no known evidence of loss of sensitive information, although it is mentioned that Toll Group will reset all potentially compromised access credentials, among other actions to clean up its IT environment: “This is an unfortunate situation, but we’ll make sure this doesn’t happen again,” a company representative said.

According to the International Institute of Cyber Security (IICS), more than a thousand companies suffered ransomware attacks during the second half of 2019 in the United States alone. The main causes remain poor security filters and a poor cybersecurity culture among employees at targeted companies.