Toll Group Hacked with Ransomware; Deliveries in ‘Limbo’
Transport and delivery company Toll Group is reeling after a cyberattack on its IT systems left it unable to process a number of deliveries, according to reports.
Toll Group has said that a “new variant of the Mailto ransomware” had hit its network, and the group has notified federal authorities. The company announced that the hack occurred at the turn of the month, stating that it had to shut down “a number of systems across multiple sites and business units,” which has caused numerous headaches for the company.
Toll has issued a formal apology for the outage, adding that there was “no evidence” that customers’ personal data had been compromised. “The vast majority of our parcels and packages are continuing to be delivered as normal, albeit there are some customers who are experiencing some delays as we’ve switched to more manual handling and processing of our freight,” added a spokesperson.
“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre (ACSC), and cybersecurity organisations to ensure the wider community is protected,” the company added.
“There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our IT systems.”
In a report, the ABC interviewed a Melbourne-based clothing company, Liminal Apparel, which said that orders worth “tens of thousands of dollars” had gone missing, and that when it checked the delivery status, an error message was returned.
“Unfortunately we weren’t even notified. We found out through Twitter,” sales manager Jeff Ward said. “It’s 10 days overdue, so for the last week I’ve been spending at least three or four hours a day on the phone trying to get some information,” he said.
“The most unfortunate thing is we just have had no communication. I feel like we’ve had to be proactive and I feel really sorry for the Toll call centre staff who have been left hung out to dry with a standard answer that gives no clarification.”
The ACSC has since issued a public warning, urging organisations to “update [their] antivirus and other security tools.”
“There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user’s address book to spread the malware. At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign.”
In a statement, Toll said that most of its networks were now operational, and that it was working on bringing its MyToll booking and tracking platform back online. “We expect customers to be able to use this platform for some services towards the end of the week as we progressively roll out the full functionality of the platform,” the statement read.
In an update on its website, Toll said that the company was continuing to reset “back-end IT systems following the recent cyber attack.”
“Working closely with our external experts and federal government authorities we have made good progress through this past week to gradually reinstate systems securely. Over the coming days, and allowing for the inherent complexity of cyber attacks of this nature, our focus is on reinstating foundational IT infrastructure which we actively disabled at the outset,” Toll wrote.