Ransomware Attack Details
In a statement published yesterday, Toll Group confirmed that it had been the victim of a ransomware attack. Toll Group is an Australian transportation and logistics company operating in more than 1,200 locations across 50 countries. It has operations in road, rail, sea, air and warehousing and has over 44,000 employees. The attack occurred Friday last week and caused major disruptions to its services. Since then, Toll has discovered that the ransomware involved in Friday’s attack was a new variant of the Mailto ransomware. Mailto was discovered by GrujaRS, an independent cyber security researcher, around September 2019. Like other ransomware, Mailto encrypts files, thereby rendering them unusable. It is called Mailto because it adds the extension “Mailto” and the developer’s email address to the encrypted files’ filenames.
How Was the Attack Carried Out?
Toll has not specified how the ransomware managed to gain access to its network and attack its IT systems. However, it is conducting investigations into the incident and has provided samples to the Australian Cyber Security Centre to help prevent other companies from becoming victims. “The ransomware that has affected Toll is a new variant of the Mailto ransomware. We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organizations to ensure the wider community is protected.” In the meantime, Toll is trying to restore its IT systems, as it has decided not to pay the ransom.
Toll Takes Systems Offline to Limit Severity of Attack
When Toll became aware that its IT systems were under attack, it took measures to try to limit the severity of the attack. To this end, Toll took some of its systems offline. “We can confirm the cyber security incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack,” Toll said in a statement yesterday.
Toll Continues to Operate Despite Ransomware Attack
Despite the attack, Toll has managed to continue operating by reverting to manual processing in some of its centers. Pickup, processing and dispatch operations are up and running; however, its online booking system is still offline. Nonetheless, the ransomware attack has caused a backlog in Toll’s deliveries, and customers experiencing delays have vented their frustrations on Twitter. However, Toll states that it has put measures in place that have led to a huge reduction in the backlog. “Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels. We have also increased staffing at our contact centres to assist with customer service,” Toll said today in an update to yesterday’s statement.
When Will Toll Service Disruptions End?
Unfortunately, Toll is still unable to provide a timeline for when all its systems will come back online. Therefore, it is not yet known when service disruptions will end.