Toll Group, the Australian freight delivery service provider, is struggling to fully restore its services after the recent “Mailto” ransomware attack on its infrastructure. The incident compromised around 1,000 systems, affected local and global deliveries across the country, and forced Toll to take down many of its delivery and tracking systems. Officials at Toll stated that they have taken a cautious approach to restoring the company’s systems. The company removed over 500 applications that supported its international operations in 25 countries. Toll stated that its internal networks and user access are currently operational, and that it is continuing to resume its international air and ocean freight shipment operations.
Toll declined to reveal the ransom that was demanded. However, the company clarified that it is not paying, and has not paid, any ransom. Earlier, Toll said that it was working with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) to identify the virus and determine how to respond. It has also been working with the Federal Police since the attack.
Toll received severe criticism over the time taken to investigate the incident and start bringing services back online. Toll is facing complaints from its customers and clients, including Unilever, Adidas, Nike, Telstra, Optus, Footlocker, and Officeworks, over indefinite delivery delays.
“From the outset, we’ve prioritized customer-facing and other critical systems. We now have many of our customers back online and operating essentially as normal, including through large parts of our global cargo-forwarding network and across our logistics warehouse operations around the world. And, we’re progressively reactivating full services on the MyToll parcels booking and tracking portal,” a spokesperson from the Toll Group said in a media statement.
The statement also highlighted, “Core systems including email, phones and end-user devices have been tested, restored and are operating as normal. For all of that, we know that some of our customers continue to be affected. We’re working with them and we’re doing everything in our power to get them moving as a matter of priority and, importantly, when it’s safe to do so.”
How Mailto Ransomware Affected Toll Group
On January 31, 2020, after discovering the attack, Toll promptly shut down several systems across multiple sites and business units in Australia to stop the spread of the ransomware. As a result, Toll reverted to manual processes to clear the backlog of undelivered local and international parcels across Australia. It continued to run its regular pickup, processing and dispatch services, but at a slow pace due to manual processing.