What happened
In May 2020 the logistics company Toll Group was hit by the Nefilim ransomware โ its second ransomware incident that year. Toll confirmed the attacker had downloaded data from a corporate server, including personal information of past and present employees and details of commercial agreements with some enterprise customers [toll-itnews]. Toll declined to pay the ransom, and stolen data was subsequently published on the dark web [toll-acs].
Timeline
- 2020-05 โ Nefilim ransomware attack; Toll confirmed data had been downloaded from a corporate server [toll-itnews].
- 2020-05 โ Stolen data was posted to a dark-web leak site after Toll refused to pay [toll-acs].
Current status
Disclosed. Toll did not publish a count of affected individuals, so no figure is asserted here. Figures and data types are as reported by the company and credible media [toll-itnews], [toll-acs].
Why it matters
A major trans-Tasman logistics operator, hit twice in one year, with confirmed exfiltration and dark-web publication of employee data โ an early, high-profile example of double-extortion ransomware in the region.