Toll not paying ransom hackers
TOLL Group continues to suffer delays, and some systems are still offline, a week after it was hit by a ransomware attack in which hackers seized control of some of its data.
But the transport and logistics giant has no intention of paying up.
‘‘The ransom demand [for return of data] did not specify a figure. It did provide contact details for Toll to arrange a ransom payment,’’ a company spokeswoman said.
‘‘But we’ve made no contact with the attackers and have no intention of engaging.
‘‘We are treating it as a criminal matter and have referred it to the relevant authorities.’’
Police and Crown agency CERT NZ (the Computer Emergency Response Team) both recommend against paying a cyber ransom, on the basis there is no guarantee data will be released. They also see it encouraging further offending and it often helps fund organised criminal networks also involved in everything from drugs to human trafficking.
However, IT lawyer Michael Wigley earlier argued that when a ransom is low, it is worth a shot — and even that a company could have a duty of care to retrieve clients’ data.
The Toll spokeswoman also revealed the company was hit by a variant of the ‘‘Mailto’’ ransomware attack, whereby data is encrypted and a payment is demanded to make it readable again.
That backs up the company’s earlier statements that no customer data appeared to have been stolen, as is sometimes the case with a ransomware attack (such as the recent Travelex heist).
‘‘Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels,’’ the spokeswoman said.
‘‘Notwithstanding the fact services are being provided largely as normal, some customers are experiencing delays or disruption.
‘‘We’re working to address these issues as we focus on bringing our regular IT systems back online securely.’’
The Melbournebased Toll operates in 50 countries, including New Zealand and China, and is running some of its systems on manual at a time when it is also grappling with complications caused by the coronavirus.
Currency exchange firm and Air New Zealand partner Travelex was forced offline on January 8 after a ransomware attack, during which five gigabytes of customer data was stolen, including dates of birth and credit card information.
The BBC reported a $US6 million ($9.3 million) ransom demand as Travelex resorted to pen and paper.
Travelex went back online on January 28. Reuters quoted the company saying it had not paid any ransom.
New Zealand businesses or individuals hit by a cyberattack are advised to contact Crown agency CERT as their first step.
CERT acts as a triage unit, pointing people to the right law enforcement agency or technical contacts. — The New Zealand Herald