We often discuss companies being hit by some sort of malware and how it affects their operations.
Unfortunately, it looks like the Toll Group was hit by a new variant of ransomware known as Mailto or Kokoklock, which was originally discovered back in August 2019, as reported by BleepingComputer.
At that time, the intended target of this new variant was unclear. Now, after this ransomware hit the Toll Group, it was discovered that the new variant is targeting enterprises.
This ransomware tries to impersonate the “Sticky Password Software”. Therefore, if you are using this software, be aware of this behavior.
How is this ransomware different from the rest? Well, according to Vitali Kremez, Head of SentinelLabs, who analyzed this ransomware, the configuration of this new variant is quite sophisticated and detailed compared to other ransomware infections.
Now, how hard was the Toll Group hit? According to iTnews, the ransomware is believed to have infected as many as 1,000 servers, including Active Directory. Because of how quickly it spread across the network, Toll was forced to shut down much of its IT infrastructure to prevent it from spreading further.
Based on what happened at Toll, how long can your business survive without any IT systems? How about without phones? Or without the Internet?
Nowadays, businesses rely heavily on technology to be more competitive and dynamic in a world where organizations fight for a piece of the market.
Therefore, keep all your systems up to date, train your users in Cyber Security, always have backups, and remember to keep your passwords safe.
And as always, be safe out there and until the next Malware Monday.