Warning as Toll and F&P Appliances files dumped on dark web
The Nefilim ransomware gang has published more files from recent victims Toll Group and Fisher & Paykel appliances.
Brett Callow, a threat-assessment analyst with anti-virus and antimalware company Emsisoft, told the Herald ransomware gangs often place selected files on the dark web — in up to eight instalments — in a bid to pressure a victim into paying a ransom.
Toll and F&P Appliances (and another recent victim, Lion) told the Herald last week that their systems had been restored following recent ransomware attacks. None had entered negotiations with their attackers.
The data dump overnight was the second instalment of Toll files to be made public on the web.
The second tranche of F&P Appliances data to be published includes more than 500 financial and planning files.
The first tranche last month included an expenditure vs budget spreadsheet and a China Business Unit Report presentation, both dated January 2020, and a China Manufacturing Review spreadsheet dated March 2020. All were multi-page and densely packed with financial data and metrics, according to a security consultant who viewed them.
Anyone could take a peek — but think twice.
Beyond receiving stolen files, you could also be downloading boobytrapped files.
CERT NZ deputy director Declan
Ingram earlier warned that ransomware gangs often planted malware in returned files, the better to open the way to a fresh attack (another good reason not to pay a ransom).
Australia and New Zealand have both announced boosts for government-backed efforts to help protect Crown agencies and private enterprise from cyber attacks.