Security Experts:

Connect with us

Hi, what are you looking for?



Australian Shipping Giant Toll Hit by Ransomware for Second Time

Australian shipping giant Toll informed customers on Tuesday that it has shut down some IT systems after discovering a piece of ransomware. This is the second ransomware incident disclosed by the company this year.

Australian shipping giant Toll informed customers on Tuesday that it has shut down some IT systems after discovering a piece of ransomware. This is the second ransomware incident disclosed by the company this year.

Toll said it discovered the ransomware after seeing unusual activity on some servers. An investigation revealed an infection with Nefilim ransomware, a fairly new threat that has been linked to the Nemty ransomware.

The company says it does not plan on paying any ransom demands and claims it has found no evidence that data has been exfiltrated from its network. However, Bleeping Computer reported in March that Nefilim authors do claim to steal data and threaten to make it public unless they are paid.

Toll has shut down its MyToll portal as a result of the incident and the company is currently working on cleaning affected systems and restoring files from backups. The company says it’s using manual processes to continue providing services, but some customers have reported delays or disruption.

In an update shared on Wednesday, Toll said freight shipments and parcel deliveries are largely unaffected, and the company revealed that it’s prioritizing the delivery of essential items, such as medical and healthcare supplies needed during the COVID-19 coronavirus outbreak.

“We’re working closely with our large enterprise customers whose services are affected and, for our SME customers and consumers, we’re providing updates on work-around processes through our digital and social channels including Toll’s company and MyToll websites,” Toll stated. “We expect to maintain current business continuity and manual processing arrangements through the week, and we are in regular contact with the Australian Cyber Security Centre (ACSC) regarding the investigation and recovery process.”

This is the second time Toll has been hit by ransomware this year. The company previously found Mailto ransomware on some systems in late January, but says the incidents are unrelated. The earlier incident reportedly impacted operations in Australia, India and the Philippines, with some unconfirmed reports claiming that the malware had infected over 1,000 servers.

Owned by Japan Post, Toll has over 40,000 employees and claims to have a global logistics network that spans across 1,200 locations in more than 50 countries.

Toll is not the only major shipping company hit by ransomware in recent years. The list of victims also includes Pitney Bowes, Mediterranean Shipping Company (MSC), and COSCO.

Related: Human-Operated Ransomware Is a Growing Threat to Businesses: Microsoft

Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack

Related: Massachusetts Electric Utility Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.