In a statement posted on Tuesday afternoon, Toll said that it was shutting down some of their IT systems on Monday after they detected unusual activity on one of their servers.
Toll confirmed that there was a cyberattack on their systems, in the form of a relatively new form of ransomware known as Nefilim.
This is the second ransomware attack Toll has experienced this year. They confirmed that the two incidents look to be unrelated.
They are yet to state how the ransomware infiltrated their systems however, it doesn’t look like their data has been compromised at this stage.
It is a common misconception that small businesses and individuals are safe and unlikely to be victims of cyberattacks like the ones Toll has experienced. Small businesses are often an attractive target because of this misconception. They believe that cybersecurity isn’t an investment they should make, and cybercriminals know this and use it to their advantage.
What is Ransomware?
Ransomware is a form of malware that works to encrypt a victim’s files. The attacker then demands a ransom in order to unlock and restore access to the files. Files can anything from Word documents to software database files, loosing access to both could be detrimental to a businesses operation.
We have seen ransoms requested for a few hundred to hundreds of thousands of dollars. Generally, the cyber criminals performing these attacks are ‘reputable’ and will provide you with an unlock key to gain access to your files again. However, there is no guarantee, even if you pay the ransom.
How do you get Ransomware?
There are many ways Ransomware can infiltrate a computer or server, but the most common method is through phishing emails.
‘Phishing emails’ are emails posing to be from someone, or from somewhere that they are not. They will request you to download a file, either from within the email itself or from an external link. A program will be downloaded to your computer and will work quickly to lock down your files. A lot of the time you won’t even notice it running, and by the time you notice files being locked, it’s too late!
How can I protect myself?
Education and proactive prevention are key! Ransomware commonly enters a business through malicious emails so, having an email filtering and ‘containerisation’ platform in place is step one.
Having a live backup that is separate to your day to day business operating systems is key. Being separate means that if your files do become compromised, the ransomware can’t travel to the backup system as well, and you can restore operating systems with relatively little interruption.
No system can provide 100% protection, so your next step of defense is education. Teaching you and your team how to identify phishing emails and malicious activity. Phishing emails can look legitimate and be really tricky to spot, particularly if they are targeted at an individual person. We recently published a training video on how to identify phishing emails, watch it here.
The True Cost of Ransomware
When setting up and reviewing your cybersecurity, it is important to think about what a cyberattack like this one would cost your business, besides the ransom itself. The damage to your reputation, productivity, and service delivery. We published an article on what the average cost of a ransomware cyberattack is, you can read more about it here.
We are an IT Managed Service Provider who specialises in Cybersecurity. We would love to help you understand how you can better protect yourself and your business!