Ransomware: Toll deliveries recover but wool industry gets snagged

As one victim of a ransomware attack got some of its systems back up after nearly a month, another firm fell prey to a separate ransomware attack this week

Toll Group finally gets some core systems running again

Australian logistics firm Toll Group says some of its core IT systems are back online nearly a month after a Mailto ransomware attack crippled its delivery operations. Toll voluntarily took core IT systems offline on January 31 to contain a ransomware attack that forced it to switch to manual processes.

The attack impacts Toll’s track and trace data, proof-of-delivery functionality, bookings and shipments, consignment labels, and invoice retrieval. The company’s MyToll online parcel delivery tracking platform has been offline for duration of its recovery, but Toll now expects the majority of the platform to be back online by 1 March, according to its latest update.

However, Toll says it will take several more weeks to upload historical shipment and track-and-trace MyToll data from the date the attack happened, according to Toll Group’s MyToll status page. Customers can access track and trace data for bookings after 19 February 2020, but they still may not be able to access data for bookings made after 30 January until 1 March.

Toll said it is working to reintegrate its systems with customer systems but still doesn’t have a clear timeline for its completion. “We continue to work with some customers on more complex reintegration and we’re working closely with them to return services to normal as quickly as possible,” Toll said in a statement.

Wool-trading platform Talman is latest to be attacked

Australia’s wool industry is now also dealing with ransomware after the maker of a wool-trading IT platform suffered a ransomware attack disclosed on Wednesday. Talman Software, an online wool trading platform, is used by more than 75% of the wool industry in Australia and New Zealand.

Wool marketer the Australian Wool Network said Wednesday’s wool auctions in all regions had been delayed due to a “third party systems supplier outage”. Talman Software confirmed to the Australian Broadcasting Corporation (ABC) that the outage was due to a ransomware attack. Mark Grave, chief executive of the Australian Wool Exchange (AWEX), said the disruption to wool trading due to a cyber attack was unprecedented.

James Turner, founder of research firm CISO Lens, said both attacks showed Australian organizations undergoing digital transformation have security lessons to learn from the banking sector. New risks span on-premise hardware to the software supply chain. “Criminals are going to pay attention to where there is money and value creation. Australia’s banks have known this for years and their security teams are some of the largest and most mature in the country,” Turner told CSOonline. 

“Every Australian organisation out there, big and small, needs to learn from the misfortune of others. If you are using computers, telephones or the Internet you can be attacked. If you rely on a supplier that uses computers, telephones or the Internet, then your business could be collateral if they are attacked,” he added. 

Australian industry has historically been focussed on “high impact” suppliers in energy and telephony, but software these days fits this category too because it’s where value is created, he said. 

Software supply chain attacks aren’t new, but they have come into focus after the NotPetya state-sponsored ransomware attack in 2017, which spread via a poisoned update to a Ukraine-based accounting software package and caused over $1 billion to global companies , , confectionary-maker Mondelez, and US tech vendor Nuance. “There is a crucial opportunity here for business leaders to have a deeper understanding of how their companies create value, and what suppliers they depend on,” said Turner.