Craig McDonald, Feb 27, 2020 2:05:02 PM

Toll Group ransomware attack: Are your clients ready for the ripple effect?


As many of you know by now, logistics giant Toll Group was in the news last week after it was hit by a ransomware attack called Mailto. This attack is usually delivered via an infected email, most likely clicked on by an unsuspecting employee, and then infects systems running Microsoft Windows, encrypting files and leaving a ransom note on-screen. The note says that the only way to get the files back is by paying a ransom in Bitcoin.

Why the logistics industry is a popular target

The logistics industry is a favourite among cybercriminals, primarily for 3 reasons. Firstly, logistics companies typically maintain a wide network of third-party relationships – making them a gold mine of data. Secondly, companies like Toll Group have a large and complex supply chain ecosystem that relies heavily on cyber-based control, navigation, tracking, positioning and communications systems. This means they contain multiple digital vulnerabilities that make it easier for cybercriminals to infiltrate their networks. Thirdly, the very nature of their business is time-critical, so they are under more pressure than most to make a call on paying the ransom so as not to disrupt their operations and the businesses of all those that depend on their deliveries.

This last reason is precisely why, for the Toll Group, with an ecosystem so large and complex (involving an intricate, interdependent network of consumers, partners, vendors, and suppliers), the implications of this ransomware attack are likely to result in a ripple effect that far outweighs the initial costs to their business alone. The tangible and intangible losses resulting from an attack like this can have catastrophic consequences for businesses, and a flow-on impact on those in their ecosystem, but the ripple effect is often unreported and unnoticed.

Here are a few examples of the type of ripple effects resulting from a cyber-attack like the one that hit Toll Group. Send these to your clients and use them to review cybersecurity strategies for the year. 

The ripple effect

When surveyed, 59% of C-level executives said that the domino effect from a cyber-attack could extend to larger geographical areas while 56% stated it could also potentially expose national vulnerabilities. 

Imagine you’re a Toll Group customer and the business delivers products that form a key component of your own supply chain. Your products aren’t getting delivered and there may be a disruption in your production line and by extension, in your cash flow. Your company, your brand and reputation all take a hit. Conversely, imagine you’re a small business and Toll Group is a huge customer that you heavily rely on to maintain your profit margin. There’s a delay resulting from this ransomware attack and you’re not getting paid. In either scenario, the attack creates a detrimental ripple effect that is likely to have a severe impact on your business too. The effects of a cyber-attack can actually ripple for years, resulting in a wide range of “hidden” costs—many of which are intangible impacts like reputational damage, operational disruptions or even a drop in employee engagement.

Reputational damage

And this negative impact on the company’s ecosystem is already beginning to show. Due to a loss of system availability and productivity, Toll Group’s customers are experiencing delays in deliveries and are taking to social media to express their ire about how that’s impacting their own businesses. While I personally respect Toll’s efforts to be transparent, their approach has been copping a lot of flak from others. Here’s a screenshot of one such tweet:



A cyber-attack limited to one organisation can be enough to cause significant financial loss, data compromise, and long-term damage. However, new research found that the average data breach affects 10 firms beyond the initial victim and that the ripple effect resulting from a cyber-attack can result in financial loss that is 13 times greater than the losses from events involving a single party.  

Container shipping company A.P. Moller-Maersk suffered a malware attack in 2017 that cost the company $300 million in lost revenue. Similarly, FedEx estimated a $300 million loss after it was hit by the NotPetya cyber-attack. If that’s how much these companies lost, consider the consequential financial costs from the ‘ripple effect’, which may approach 13 times that amount. That’s a gargantuan figure – and I shudder to think of how much damage this attack on Toll Group is going to inflict on the local and global economy over the years.

Data loss

And that’s just the financial aspect. Toll Group has repeatedly maintained that it “has seen no evidence to suggest any personal data has been lost” but in cases of other cyber-attacks, we may not be so ‘lucky’. The ripple effects of data breaches could also result in more cases of identity theft, loss of proprietary information or other strategic assets. Typically, the stolen data ends up on the dark web, making the situation even worse. 

Take Yahoo for example. The Internet service company was hit by a data breach in 2013 and originally reported that the attack compromised 1 billion Yahoo user accounts. By 2017, that figure ballooned to 3 billion. 

Is your business ready to deal with the consequences of a ripple effect?

Microsoft CEO Satya Nadella has warned that US$1 trillion is lost every year due to cyber issues. If you consider the ripple effect a single cyber-attack has on the economy, suddenly this figure isn’t such a surprise.  

What I do continue to be surprised by is the lack of proactivity from many businesses when it comes to reviewing their cybersecurity strategies. If a cyber-attack can hit Toll Group, a large, sophisticated organisation with a team of dedicated Infosec professionals, it can hit any business. Are your cybersecurity strategies evolving enough to meet the changing face of cybercrime? Or is your business a sitting duck?

And even if your company isn’t directly hit by a cyber-attack, it will be affected by the eventual ripple effects emerging from one that’s hit another company – at the very least in the form of sluggish economic growth. A real-life example is the rapidly escalating case of coronavirus. It may have begun in China, but the resultant effects of the healthcare crisis are already leading experts to speculate that it may result in a global economic slowdown. In this case, do you have a business continuity plan that can help mitigate risks as much as possible?

Let this attack on Toll Group be a reminder to all of us that it isn’t just an attack on the company, but on all of our businesses. Since we’re all part of an interdependent and fragile ecosystem, what negatively impacts one company is likely to have detrimental consequences on our businesses too. If we’re not prepared to deal with such cyber-attacks (either directly or indirectly), the consequences that result will be catastrophic.  

While we owe it to one another to share intelligence and learnings in the fight against cybercrime, we also have a duty to hold our supply chain and business partners to account for their endeavours to protect themselves and their data from malicious actors.  

Reach out to me or my team at the contact details below to find out how you can protect your business from cyber-attacks and the resulting domino effect.  

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

We’re on Facebook, Twitter and LinkedIn.