Toll Group has revealed it is suffering its second ransomware attack this year, attributing the current infection to a type of malware known as Nefilim.
The admission comes less than a day after iTnews reported exclusively that the logistics giant had shut down its IT systems after detecting “unusual activity” on an undisclosed number of servers.
“As a result of investigations undertaken so far, we can confirm that this activity is the result of a ransomware attack,” Toll Group said in an advisory on Tuesday.
“Working with IT security experts, we have identified the variant to be a relatively new form of ransomware known as Nefilim.
“This is unrelated to the ransomware incident we experienced earlier this year.”
Nefilim’s existence was reported by Bleeping Computer back in March.
“Nefilim became active at the end of February 2020 and while it is not known for sure how the ransomware is being distributed, it is most likely through exposed Remote Desktop Services,” the report stated.
The ransomware threatens to publish data if a ransom is not paid after a week.
As with the first ransomware attack on Toll Group earlier this year, Toll has publicly declared it will not pay.
“Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network,” it said.
“We are in regular contact with the Australian Cyber Security Centre (ACSC) on the progress of the incident.”
Toll Group said it expected to have manual processes in place for at least the remainder of the week.
“We have been in contact from the outset with various customers impacted by the issue and we continue to work with them to minimise any disruption,” it said.
Toll Group had only just recovered from a devastating ransomware attack in late January that took out a large part of its IT infrastructure.
In that case, another relatively new type of malware called Mailto was used by attackers.
Some of Toll Group's major retailer customers, who ship via its services, declined to comment on the impact of the latest infection when contacted by iTnews.