Many of Toll’s services are back online following outages caused by the group isolating its systems to prevent the spread of a “targeted malware” attack the company suffered on 31 January.
A company spokesperson told Investor Daily that the ransom demand “did not name a specific figure” but only provided contact details for Toll to arrange a ransom payment.
“We’ve made no contact with the attackers and have no intention of engaging,” the spokesperson said.
“We are treating it as a criminal matter and, as such, have referred it to the relevant authorities. We believe our decision to not submit to the attacker’s demands is the responsible and an appropriate course of action for our business and as a leader in the wider logistics sector – we don’t want to incentivise these sorts of attacks against other businesses.”
Toll has also revealed that the malware in question is a new variant of the “mailto” ransomware. Mailto ransomware locks affected files into an unusable “mailto” format. It is unclear whether files can actually be recovered after being encrypted.
“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected,” Toll said in a statement.
“There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems. We continue to monitor this as we work through a detailed investigation.”
Several other firms have been on the receiving end of ransomware attacks before, most notably global logistics company Maersk, which was crippled by an attack originating in Ukraine and believed to be the work of the Russian military. That attack wound up costing Maersk almost $300 million.
