The majority of Toll’s internal networks and user access are now operational and the company is continuing to move large volumes of international air and ocean freight shipments.
“As we work towards reinstating IT systems securely, Toll’s teams across the globe are continuing to work tirelessly to ensure customers have access to our services and operations across the network, while supporting those customers affected by delays or disruption,” Toll Group said in a statement.
“We are progressing with thorough testing and validation of our IT systems, in collaboration with key customers, with a view to restoring our systems as soon as it is deemed safe and secure for anyone who engages with Toll’s IT network including customers, employees, suppliers and vendors.”
Toll’s Global Express business, which includes its parcel delivery service, continues to operate with a combination of manual and automated processes. But MyToll, the company’s booking and tracking platform, remains offline.
“For customers impacted by this incident, we deeply apologise and reassure you that we are working hard to resume normal operations,” Toll said.
Toll has not stated who launched the attack or how they breached its systems, though the Mailto ransomware used to cripple the company is usually inserted via fraudulent emails. The Australian Cyber Security Centre has issued a warning on the new variant of Mailto that struck Toll and said that there is currently “limited information from this compromise on how the malware is able to spread laterally across a network”.
The ACSC is unaware of whether the Toll incident is indicative of a broader campaign.