Security Experts:

Connect with us

Hi, what are you looking for?



Australian Shipping Giant Toll Hit by Ransomware for Second Time

Australian shipping giant Toll informed customers on Tuesday that it has shut down some IT systems after discovering a piece of ransomware. This is the second ransomware incident disclosed by the company this year.

Australian shipping giant Toll informed customers on Tuesday that it has shut down some IT systems after discovering a piece of ransomware. This is the second ransomware incident disclosed by the company this year.

Toll said it discovered the ransomware after seeing unusual activity on some servers. An investigation revealed an infection with Nefilim ransomware, a fairly new threat that has been linked to the Nemty ransomware.

The company says it does not plan on paying any ransom demands and claims it has found no evidence that data has been exfiltrated from its network. However, Bleeping Computer reported in March that Nefilim authors do claim to steal data and threaten to make it public unless they are paid.

Toll has shut down its MyToll portal as a result of the incident and the company is currently working on cleaning affected systems and restoring files from backups. The company says it’s using manual processes to continue providing services, but some customers have reported delays or disruption.

In an update shared on Wednesday, Toll said freight shipments and parcel deliveries are largely unaffected, and the company revealed that it’s prioritizing the delivery of essential items, such as medical and healthcare supplies needed during the COVID-19 coronavirus outbreak.

“We’re working closely with our large enterprise customers whose services are affected and, for our SME customers and consumers, we’re providing updates on work-around processes through our digital and social channels including Toll’s company and MyToll websites,” Toll stated. “We expect to maintain current business continuity and manual processing arrangements through the week, and we are in regular contact with the Australian Cyber Security Centre (ACSC) regarding the investigation and recovery process.”

This is the second time Toll has been hit by ransomware this year. The company previously found Mailto ransomware on some systems in late January, but says the incidents are unrelated. The earlier incident reportedly impacted operations in Australia, India and the Philippines, with some unconfirmed reports claiming that the malware had infected over 1,000 servers.

Owned by Japan Post, Toll has over 40,000 employees and claims to have a global logistics network that spans across 1,200 locations in more than 50 countries.

Toll is not the only major shipping company hit by ransomware in recent years. The list of victims also includes Pitney Bowes, Mediterranean Shipping Company (MSC), and COSCO.

Related: Human-Operated Ransomware Is a Growing Threat to Businesses: Microsoft

Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack

Related: Massachusetts Electric Utility Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...