At this time, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is unaware whether these incidents are indicative of a broader campaign.
Details
Currently, the ASD's ACSC has limited information about the initial intrusion vector for Mailto infections.
There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user's address book to spread the malware.
There is currently limited information from this compromise on how the malware is spread laterally across a network.
The hash of the Mailto ransomware from this incident is available in the Indicators of Compromise section of this advisory.
The ASD's ACSC is continuing to monitor the situation and will update this advisory with any additional details.