Hackers who delivered Australian logistics company Toll Group its latest ransomware attack have leaked corporate data on the dark web.
Posting on a dark net site for corporate leaks '.onion', the cyber criminals scolded Toll for its security measures after the company's systems were crippled by Mailto ransomware in January.
“Toll Group failed to secure their network even after the first attack,” the post, screengrabbed by Data Breach Today, reads.
“We have more than 200GB of archives of their private data.”
Toll confirmed the incident in a statement, saying its “ongoing investigation” had determined that the attacker “has now published to the dark web some of the information that was stolen” from a server infected with the Nefilim ransomware.
“As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published,” Toll said in a statement.
“As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support.”
Last week, Toll had anticipated this would be the hackers’ next move when it discovered the hacker had exfiltrated data stored on a corporate server.
According to Toll, the affected server contained employee information and “details of commercial agreements with some of our current and former enterprise customers”.
This matches Data Breach Today's analysis of the first files dropped on the dark net, which reportedly contain documents like financial reports and drug screening invoices.
Toll has so far refused to give in to the ransom demands.
“We condemn in the strongest possible terms the actions of the perpetrators,” said Toll Group managing director, Thomas Knudsen.
“This is a serious and regrettable situation and we apologise unreservedly to those affected.
“I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it.”
Toll has been progressively bringing its systems back online following the attack earlier this month with the My Toll website functionality returning this week.
First Toll then Trump
Ransomware groups have been busy this week trying to extort high-profile targets by dumping private information on dark net sites.
Hackers who targeted a New York law firm with the REvil ransomware demanded a $63 million ransom payment, claiming they had “dirty laundry” on US President, Donald Trump.
756GB of client data was lifted from the law firm, according to Page Six, including personal emails between the law firm and its celebrity clients.
A week on from their $63 million ransom request, the hackers delivered on their promise to dump Trump-related files – but it turned out to be more bust than boom.
In an analysis of the 169 emails leaked by the hackers, Forbes said the data-dump looked like the cyber criminals had merely searched for the word ‘trump’ in their stolen files and packaged them together regardless of whether or not the emails actually referenced Donald Trump.
REvil has reportedly sold its data on Donald Trump, saying in another dark web post that they had been contacted by “interested people” who “agreed to buy all the data” they claimed to have on Trump.