Connect with us

Hi, what are you looking for?



Australian Shipping Giant Toll Hit by Ransomware

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident.

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident.

Owned by Japan Post, Toll has over 40,000 employees and claims to have a global logistics network that spans across 1,200 locations in more than 50 countries.

The company said it discovered a piece of ransomware on its systems on Friday, January 31, and rushed to disable some systems in order to contain the incident. A notice posted on the Toll website to inform customers about the incident promised regular updates, but many were displeased with the fact that the first update came only several days later.

Toll ransomware tweet

Some customers complained on social media that they could no longer track their packages and claimed the company’s employees were also unable to access the tracking database.

Business Insider Australia reported that the incident impacted operations in Australia, India and the Philippines.

It’s unclear what ransomware was used in the attack, which Toll has described as “targeted,” but it appears to have the capability to spread within the victim’s network.

One anonymous user claimed on Twitter that the ransomware had infected over 1,000 Toll servers worldwide. SecurityWeek has reached out to Toll for confirmation and will update this article if the company responds.

Advertisement. Scroll to continue reading.

Toll ransomware tweet

Toll says it’s working on restoring affected systems and in the meantime it has resorted to manual processes to continue providing services. Orders can currently be made only over the phone as several customer-facing applications are offline.

“For our parcels customers, all of our processing centres are continuing to operate including pick up, processing and dispatch albeit at reduced speed in some cases,” the company stated. “Most other Toll operations are continuing to operate on manual systems based on our business continuity plans.”

The company has notified authorities, but claims it has not found any evidence suggesting that personal data has been compromised.

UPDATE. Toll says it has started restoring impacted services and revealed that the attack involved a piece of ransomware called Mailto. The company did not confirm or deny claims that the malware hit over 1,000 servers.

Related: Mexican Oil Company Pemex Hit by Ransomware

Related: Ransomware Causes Disruptions at Johannesburg Power Company

Related: Travelex Says Financially Unaffected by Hacking

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...