Deliveries stranded across Australia as Toll confirms ransomware attack

The targeted attack has forced the company to disable its systems and revert to manual processes, causing delays across the country.
Written by Asha Barbaschow, Contributor

Australian logistics company Toll Group has confirmed the "cybersecurity incident" it suffered on Friday was ransomware.

"We can confirm the cybersecurity incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack," Toll wrote in an update on Tuesday afternoon.

"We moved quickly to mitigate the potential impact and we're undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible."

On Monday night, the company that boasts over 40,000 employees shut down a number of systems as a precautionary measure, which impacted several of its customer-facing applications.

Toll said it has seen no evidence to suggest any personal data has been lost.

"We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it," the statement continued.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia  

"We're continuing to undertake a thorough investigation and we're working around the clock to restore normal services at the earliest opportunity. We'll continue to provide updates as we securely bring our systems back online."

The incident has resulted in Toll reverting to manual processes to clear the backlog of undelivered goods the ransomware attack has caused.

"As a result of our decision to disable certain systems following a recent cybersecurity threat, we're continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption," Toll explained.

Where parcels are concerned, Toll said its processing centres are continuing to operate pick up, processing, and dispatch functions, "albeit at reduced speed in some cases".

In an update on Wednesday afternoon, Toll said the ransomware that it fell victim to is a new variant of the Mailto ransomware. 

"We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cybersecurity organisations to ensure the wider community is protected," the updated said. "There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our It systems. We continue to monitor this as we work through a detailed investigation."  

The update also confirmed that many of Toll's customers are able to access its services across large parts of the network globally including freight, parcels, warehousing and logistics, and forwarding operations, and that its backlog is returning to usual levels with increased staff helping ease the load.

Updated 2:45pm AEDT 5 February 2020: Provided Wednesday afternoon update from Toll.


Editorial standards