Toll Group shuts down IT systems after cyber attack

Toll Group containers and logistics. Credit: Toll Group

Global logistics operator Toll Group announced on 3 February 2020 that it had been subject to a cyber attack across its land and sea operations. The company reported it had shut down a number of systems across multiple sites and business units in response to a cyber attack on 31 January.

“Regretfully, some customers are experiencing delays or disruption while we work towards bringing our regular IT systems back online securely,” Toll announced. “We are working around the clock to have the relevant systems back online as soon as possible.”

Relevant authorities were undertaking a criminal investigation and the company was working closely with its cyber security advisers. The ransomware that infiltrated the company IT network was a variant of the Mailto ransomware.

“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected,” the company revealed. “There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems. We continue to monitor this as we work through a detailed investigation.”

The Mailto ransomware, also been known as Netwalker, is still new, with early sightings reported in October 2019, according to ACS Information Age.

Meanwhile, customers have been unable to track their shipments and truck drivers were reverting to manual receipts.

Shipping across Australia’s Bass Strait between Melbourne and Burnie, Tasmania, was still ongoing with manual operations replacing some automated and digital processes affected by the attack.

“We continue to move international air and ocean freight shipments and, where possible, perform customs clearance albeit at a reduced pace,” a company spokesperson told SAS.

The two 700 TEU roll-on/roll-off (ro-ro) vessels, Tasmanian Achiever II and Victorian Reliance II, servicing the Bass Strait daily, had not been affected by the ransomware, according to the spokesperson.

“In our global freight forwarding business, Business Continuity Plans have been implemented and manual processes initiated to minimise customer impact,” she added.

Toll Group has allocated extra staff and resources to a call centre to help customers experiencing delays.

Alongside its road freight, Toll’s sea freight services provide door-to-door import and export container shipping worldwide, transshipment services, Australian coastal shipping, and two ro-ro vessels serving the Bass Strait daily.

General cargo includes dangerous goods, weaponry, vehicles, refrigerated goods, and bulk commodities.