The majority of Toll’s internal networks and user access are now operational and the company continues to move significant volumes of international air and sea freight.
“As we work to restore security to IT systems, Toll teams around the world continue to work tirelessly to ensure customers have access to our services and operations across the network, while supporting customers affected by delays or disruptions,” Toll Group said in a statement. statement.
“We are progressing extensive testing and validation of our IT systems, working with key customers, with a view to restoring our systems as soon as they are deemed safe and secure for anyone interacting with Toll’s IT network, including customers, employees, suppliers. and sellers.
Toll’s Global Express business, which includes its parcel delivery service, continues to operate with a combination of two manual automated processes. But MyToll, the company’s booking and tracking platform, remains offline.
“To those customers affected by this incident, we deeply apologize and reassure you that we are working hard to resume normal operations,” Toll said.
Toll did not say who launched the attack or how they breached its systems, although the Mailto ransomware used to cripple the company is typically inserted via fraudulent emails. The Australian Cyber Security Center has issued a warning about the new mailto variant that hit Toll and said there is currently “limited information about this compromise on how the malware is able to spread laterally across a network “.
The ACSC is unsure whether the Toll incident is a sign of a wider campaign.