The Toll Group Australia has Been Targeted by the Netfilim Ransomware Operators – Massive Data Leak

As usual, the Netfilim ransomware operators have added another data breach to their name. In this instance, they breached The Toll Group Australia, one of the largest and best-known Australian transportation and logistics organisations.

The Toll Group Australia was established in the year 1888 by Albert Toll. With over 125 years’ experience, Toll Group, proudly part of Japan Post, operates an extensive global logistics network across 1,200 locations in more than 50 countries. Its 40,000 employees provide a diverse range of transport and logistics solutions covering road, air, sea, and rail to help customers meet their global supply chain needs. The Toll Group is an Australian transportation and logistics company with operations in road, rail, sea, air, and warehousing. It has three divisions: Global Express, Global Forwarding, and Global Logistics. It is a subsidiary of Japan Post Holdings. Toll Global Express is a logistics and transportation division of the group. In 2012 it had plans to extend its compressed natural gas-powered fleet to more than 70 trucks. In 2014 it announced a $150-million, 71,000-square-metre parcel-sorting center near Melbourne Airport, to be built in partnership with Australia Pacific Airports.

Based on the information leaked, it appears that the negotiation between the ransomware operators and the Toll Group failed, which led the operators to leak the data. This data leak seems to be a warning for the company to accept the terms of the ransomware operators.

Below is the message posted by the Netfilim ransomware operators:

The Cyble Research Team has verified the data leak of around 2 GB. The data leak includes corporate operational and financial documents of the organisation such as payroll data, the company’s monthly financial reports, the company’s administrative accounts, and many more. Below is a snapshot of a few files from the directory listing and some of the confidential documents leaked by the Netfilim ransomware operators.

According to Cyble’s researchers, more parts of the data may be leaked online if the terms of the ransomware operators are not fulfilled.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution, powered by machine learning and human analysis, provides organizations with insights into cyber threats introduced by suppliers and enables them to respond to those threats faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients, giving them unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, the intelligence, combined with machine learning capabilities and human analysis, also allows clients to gain real-time cyber threat intel and helps them build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.