Australian Delivery Giant Toll Group Hit by New Ransomware Strain

Australian transportation and logistics company Toll Group has become the latest organization to become a victim of a “targeted ransomware attack.”

In an announcement made on Wednesday, the delivery giant said it was forced to shut down multiple of its services after ransomware encrypted its IT systems late last week.

“As a precautionary measure, in response to a cybersecurity incident on Friday, Toll deliberately shut down a number of systems across multiple sites and business units,” the company wrote on a post.

Toll Group Ransomware Strain

To date, while the statement failed to disclose the exact number of affected data, a report from IT News claims that “as many as 1000 servers in Toll’s data centre had been infected” and “staff had been advised not to turn on machines or try to connect them to the corporate network.”

ADVERTISEMENT

The attack, which was later revealed to be a new strain of the Mailto ransomware, was first discovered by Toll Group on Friday, Jan. 31.

“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected. There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our It systems,” the company added.

According to the Australian Financial Review, the logistics company has refused to pay the cyber ransom demanded by hackers and is currently working on restoring its operations.

“As we work through our IT recovery plan in response to the recent cyber-attack, our focus is on restoring the relevant underlying infrastructure and fully-automated systems, and on conducting a thorough review of the affected IT hardware including servers, systems and devices. In doing so, we are working closely with our cyber security advisers to ensure that any risk associated with this incident has been appropriately managed and neutralised,” Toll explained.

ADVERTISEMENT

To date, it remains unknown whether files encrypted by the new ransomware strain can be decrypted. However, the delivery giant assured that they’ll be monitoring the incident this as they work through a detailed investigation.

“Our teams across our operations are working with affected customers, including via our call centre where additional resources are on hand to help customers with queries about parcel deliveries. As always, we apologise for the inconvenience this is causing those customers who are impacted,” the company concluded.

ADVERTISEMENT