Security Experts:

Australian Shipping Giant Toll Hit by Ransomware

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident.

Owned by Japan Post, Toll has over 40,000 employees and claims to have a global logistics network that spans across 1,200 locations in more than 50 countries.

The company said it discovered a piece of ransomware on its systems on Friday, January 31, and rushed to disable some systems in order to contain the incident. A notice posted on the Toll website to inform customers about the incident promised regular updates, but many were displeased with the fact that the first update came only several days later.

Toll ransomware tweet

Some customers complained on social media that they could no longer track their packages and claimed the company’s employees were also unable to access the tracking database.

Business Insider Australia reported that the incident impacted operations in Australia, India and the Philippines.

It’s unclear what ransomware was used in the attack, which Toll has described as “targeted,” but it appears to have the capability to spread within the victim’s network.

One anonymous user claimed on Twitter that the ransomware had infected over 1,000 Toll servers worldwide. SecurityWeek has reached out to Toll for confirmation and will update this article if the company responds.

Toll ransomware tweet

Toll says it’s working on restoring affected systems and in the meantime it has resorted to manual processes to continue providing services. Orders can currently be made only over the phone as several customer-facing applications are offline.

“For our parcels customers, all of our processing centres are continuing to operate including pick up, processing and dispatch albeit at reduced speed in some cases,” the company stated. “Most other Toll operations are continuing to operate on manual systems based on our business continuity plans.”

The company has notified authorities, but claims it has not found any evidence suggesting that personal data has been compromised.

UPDATE. Toll says it has started restoring impacted services and revealed that the attack involved a piece of ransomware called Mailto. The company did not confirm or deny claims that the malware hit over 1,000 servers.

Related: Mexican Oil Company Pemex Hit by Ransomware

Related: Ransomware Causes Disruptions at Johannesburg Power Company

Related: Travelex Says Financially Unaffected by Hacking

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.