Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident.
Owned by Japan Post, Toll has over 40,000 employees and claims to have a global logistics network that spans across 1,200 locations in more than 50 countries.
The company said it discovered a piece of ransomware on its systems on Friday, January 31, and rushed to disable some systems in order to contain the incident. A notice posted on the Toll website to inform customers about the incident promised regular updates, but many were displeased with the fact that the first update came only several days later.
Some customers complained on social media that they could no longer track their packages and claimed the company’s employees were also unable to access the tracking database.
Business Insider Australia reported that the incident impacted operations in Australia, India and the Philippines.
It’s unclear what ransomware was used in the attack, which Toll has described as “targeted,” but it appears to have the capability to spread within the victim’s network.
One anonymous user claimed on Twitter that the ransomware had infected over 1,000 Toll servers worldwide. SecurityWeek has reached out to Toll for confirmation and will update this article if the company responds.
Toll says it’s working on restoring affected systems and in the meantime it has resorted to manual processes to continue providing services. Orders can currently be made only over the phone as several customer-facing applications are offline.
“For our parcels customers, all of our processing centres are continuing to operate including pick up, processing and dispatch albeit at reduced speed in some cases,” the company stated. “Most other Toll operations are continuing to operate on manual systems based on our business continuity plans.”
The company has notified authorities, but claims it has not found any evidence suggesting that personal data has been compromised.
UPDATE. Toll says it has started restoring impacted services and revealed that the attack involved a piece of ransomware called Mailto. The company did not confirm or deny claims that the malware hit over 1,000 servers.
Related: Mexican Oil Company Pemex Hit by Ransomware
Related: Ransomware Causes Disruptions at Johannesburg Power Company
