Ransomware Attack Hinders Toll Group Operations

toll group ransomware

Customers took to Twitter to air their grievances after some of the transportation giant’s operations were downed.

Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week.

Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is often used by e-commerce giants like eBay to transport anything from bulk commodities to critical spare parts and medical supplies, according to its website.

In the aftermath of the company first being hit by the ransomware attack on Friday, customers were reporting an impact on¬†operations across Australia, India and the Philippines. Various Toll Group customer-facing services were also reportedly debilitated over the weekend,¬†including its MyToll portal, used for creating shipments and booking pickups. In a Tuesday update, Toll Group said it has disabled certain systems “as a precautionary measure,” and in the meantime has set up a “combination of manual and automated processes” to keep up with global operations. However, it warned that some customers will still experience delays this week.

“We received a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to contain the spread of the attack,” the company said in a Tuesday update. “We moved quickly to mitigate the potential impact and we’re undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible. In the meantime, we’ve introduced manual systems where required to ensure we can continue to meet the needs of our customers.”

Threatpost has reached out to Toll Group for further information on how the company was first infected, what type of ransomware is involved in the attack, and what its next steps are in paying the ransom.

According to reports by ITNews, the ransomware attack infected over 1,000 of the company’s servers and that global staff was told to keep desktops disconnected from the corporate network. Active Directory and corporate VPN applications are reportedly among those infected and taken offline.

The company said it has been working with relevant authorities since Friday. It said, at this stage it has seen no evidence to suggest any personal data has been lost. In the meantime, Toll Group said that all of its processing centers are continuing to operate (although some operations at slower speeds), including pick up, processing and dispatch operations. However, its online booking platform has been temporarily disabled, so customers need to book deliveries by calling the company’s contact centers.

Customers took to Twitter to express outrage toward the delivery outages in the days after the attack.


Ransomware attacks continue to hurt companies and cripple their operations. On New Year’s Eve, foreign currency-exchange giant Travelex was hit in a ransomware attack, which left its customers and banking partners stranded without its services. Last year, aluminum giant Norsk Hydro fell victim to a serious ransomware attack that forced it to shut down or isolate several plants and send several more into manual mode.

“What scares me is that the sheer volume of ransomware attacks is starting to make people numb to their existence,”¬† Chris Morales, head of security analytics at Vectra, told Threatpost. “It’s a regular occurrence now, and it’s a very concerning and unfortunate reality we are now in.”

Suggested articles