SAY “NO” to Mailto ransomware with WatchGuard’s Total Security Suite!

Digitization Coach | Adrian Soon
WatchGuard SEA
Published Feb 13, 2020

Toll Group has been hit by a ransomware strain known as Mailto or Kazakavkovkiz, which belongs to the koko ransomware family. It was a new variant, and containing it forced Toll to shut down a number of systems across multiple business units and sites.

Initial access is thought to have come through phishing and password-spray attacks. The compromised accounts were then used to send further phishing emails to the contacts in those users' address books, spreading the malware, which is believed to have infected servers and Active Directory.
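The password-spray stage described above is easy to miss with per-account lockout counters, because the attacker tries one or two passwords against many accounts and stays under the per-account threshold. The following added example (not code from the original post or from WatchGuard) shows the distinguishing signal: count distinct target accounts per source address in a sliding window, and separately flag the classic one-account brute force that per-account counters already catch. The log format, the sample lines, the source addresses and the thresholds are all constructed for illustration.

```python
"""Added example: classify authentication-failure sources as password spray
or brute force, and list which accounts a flagged source later logged into.
Log format, thresholds and sample data are assumptions, not a real product's."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> <user> <SUCCESS|FAILURE>"
# 203.0.113.7 sprays six accounts once each and gets into "frank";
# 198.51.100.9 hammers a single account; 192.0.2.5 is a normal user typo.
SAMPLE_LOG = """\
2020-01-31T02:00:01 203.0.113.7 alice FAILURE
2020-01-31T02:00:02 203.0.113.7 bob FAILURE
2020-01-31T02:00:03 203.0.113.7 carol FAILURE
2020-01-31T02:00:04 203.0.113.7 dave FAILURE
2020-01-31T02:00:05 203.0.113.7 erin FAILURE
2020-01-31T02:00:06 203.0.113.7 frank SUCCESS
2020-01-31T02:05:00 198.51.100.9 alice FAILURE
2020-01-31T02:05:10 198.51.100.9 alice FAILURE
2020-01-31T02:05:20 198.51.100.9 alice FAILURE
2020-01-31T02:05:30 198.51.100.9 alice FAILURE
2020-01-31T02:05:40 198.51.100.9 alice FAILURE
2020-01-31T02:05:50 198.51.100.9 alice FAILURE
2020-01-31T03:00:00 192.0.2.5 grace FAILURE
2020-01-31T03:00:30 192.0.2.5 grace SUCCESS
"""


def parse(lines):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples, time-ordered."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events, key=lambda e: e[0])


def classify_sources(events, window=timedelta(minutes=10),
                     min_accounts=5, max_per_account=3):
    """Return {src_ip: {"verdict", "accounts_targeted", "compromised"}} for suspicious sources.

    password_spray: failures against >= min_accounts distinct accounts inside `window`,
                    with no single account tried more than max_per_account times.
    brute_force:    more than max_per_account failures against one account inside `window`.
    "compromised" lists accounts the same source logged into successfully after the
    first failure of the flagged window (the accounts the attacker now holds).
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        failures = [(ts, u) for ts, u, r in evs if r == "FAILURE"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward so failures[start:end+1] spans <= window.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in failures[start:end + 1])
            verdict = None
            if max(per_user.values()) > max_per_account:
                verdict = "brute_force"
            elif len(per_user) >= min_accounts:
                verdict = "password_spray"
            if verdict:
                window_start = failures[start][0]
                compromised = sorted({u for ts, u, r in evs
                                      if r == "SUCCESS" and ts >= window_start})
                findings[ip] = {"verdict": verdict,
                                "accounts_targeted": len(per_user),
                                "compromised": compromised}
                break
    return findings


if __name__ == "__main__":
    for ip, info in classify_sources(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The spray source is flagged even though no account saw more than one failure, which is exactly the case a lockout policy alone never sees; the brute-force source is flagged by the per-account rule. The "compromised" list is what an incident responder wants first, since those are the accounts that will be used to send the next wave of phishing mail.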

In the wake of the attack, all online booking platforms were shut down and bookings were switched to the phone as a business-continuity measure. The resulting surge of calls into the call centres caused disruption and slowed delivery.

WatchGuard Technologies CTO Corey Nachreiner said the Toll Group attack is very similar to a number of targeted ransomware attacks aimed at companies that rely on technology to deliver time-sensitive, critical services or products.

“By strategically targeting industries that cannot operate well with any downtime, these criminals maximise the odds that their victims will pay the ransom to recover their services. Healthcare organisations, state and local government, industrial control systems and now shipping companies represent ripe targets for these focused ransomware campaigns,” he said.

“In many of these cases, the ransomware itself is effective, but not particularly unusual compared to other ransomware variants. Proactive, advanced malware prevention solutions that use machine learning or behavioural analysis to catch new threats often detect and block these samples if delivered through the security service. For instance, WatchGuard’s APT Blocker service does detect all the variants of this particular Mailto ransomware that we’ve tested.”

A good incident response plan also lets an organisation act immediately in the event of a ransomware infection: quarantine the affected hosts and disconnect them from the internet until further notice. Organisations should also partition their networks into smaller segments to separate and segregate communication between hosts and services; sufficient segmentation and segregation limits how far a ransomware infection can spread and strengthens overall IT security.

Toll also said that while some customers are still experiencing delays and stoppages, it is focused on bringing its regular IT systems back online securely.


I trained business owners how to digitise their businesses and achieve great results in digital marketing.