Ransomware takes its TOLL

You may have read reports, such as this in the Australian Financial Review, on the recent ransomware attack on Australian transportation and logistics giant, Toll Group.  This really brings home to the Australian business community a topic we at The IT Agency have written and warned about many times, most recently in our blog post of 16th January 2020.

It appears that Toll have fallen victim to a new variant of previously known Ransomware called ‘mailto’.

Details of how Toll’s systems came to be infected have not been made public, but experience tells us the most likely source is via a compromised email opened by an unsuspecting user. It took Toll almost 1 month to reactivate their IT systems and reintegrate their major customers.

Re-iterating our long-standing advice, the first line of defence for any business is a multi-layered security system.  There is no silver bullet – no single action that will protect in all circumstances.

End-user training

Unfortunately, employees are the most likely route through which an organisation’s IT systems will be infected.  Appropriate awareness training must be a priority for anyone with system access, with follow-up refresher courses at regular intervals.

Procedures for handling suspicious emails/files etc

In tandem with user training, having a specific procedure to follow in the event of receiving a suspicious file or email can help mitigate any inadvertent exposure.

Antivirus and Anti-spam Software

Up-to-date antivirus software will protect from known virus threats as they become known to IT Security organisations.  Anti-spam filters help prevent malicious emails and content from ever reaching user inboxes, greatly reducing the chance of system infection.

System and Data backups

Regular backups of the system and data, as per TITA’s Backup Best Practice procedures, the 3-2-1-1-0 rule:

  • Maintain at least 3 copies of business data
  • Store critical business data on at least 2 different types of storage media
  • Keep 1 copy of backups in an off-site location
  • In the ransomware era, adding another 1 to the rule – one backup media is offline
  • Ensure all recoverability solutions have 0 errors

If, despite precautions, your organisation is infected with ransomware, TITA recommends following Toll Group’s example – contact the relevant authorities and IT security experts immediately.

If you’d like help with IT Security for your business, contact The IT Agency on (02) 8317 4730 – we’ll assess and advise on how best to protect your organisation from cyber-attack.