Ransomware, Asia Pacific, Content

Ransomware Attacks Toll Group for Second Time in 2020

Cybercriminals have launched a Nefilim ransomware attack against Toll Group, a global logistics company with a network that extends across 1,200 locations.

The ransomware attack forced Toll to shut down some of its IT systems on May 5, according to the company. Toll indicated there is no evidence that any data has been extracted from its network, and the company has no plans to pay the cyber ransom.

Toll is using business continuity plans and manual processes to keep its services running while it resolves the issue and expects these arrangements to stay in place for the remainder of the week, the company noted. It also has been in regular contact with the Australian Cyber Security Centre (ACSC) regarding the cyberattack.

This is the second ransomare attack that Toll has suffered in 200. The earlier event was a Mailto ransomware attack in January, iTnews reported. That attack impacted Toll's core services, and the company needed six weeks to recover from the incident.

Nefilim: Here's What MSSPs Need to Know

Nefilim was discovered in the wild in early 2020. It uses the same code as Nemty ransomware and threatens to release stolen data, according to Bleeping Computer.

Unlike Nemty, Nefilim does not feature a ransomware-as-a-service component, Bleeping Computer reported. Instead, Nefilim uses email communications for ransom payments.

Nefilim cybercriminals provide a ransom note that states a victim has seven days to pay the ransom, or the victim's stolen data will be released, Bleeping Computer indicated. Furthermore, there is currently no way to recover files stolen during Nefilim attacks for free.

How to Guard Against Nefilim Attacks

Cybercriminals use Nefilim to target remote desk protocol (RDP) ports, Trend Micro stated. As such, organizations can use the following techniques to guard against Nefilim attacks:

  • Close RDP ports that are not currently in use
  • Ensure only authorized users can access RDP networks
  • Continuously monitor networks
  • Limit the number of failed network login attempts

MSSPs that understand the risks associated with Nefilim and other ransomware strains can help organizations plan accordingly. In addition, MSSPs can offer security tips and strategies to help organizations protect their data against a wide range of cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.