Many of Toll’s services are back online following outages caused by the group isolating its systems to prevent the spread of a “targeted malware” attack that the company suffered on January 31.
“We have not made any contact with the attackers and have no intention of engaging,” the spokesperson said.
“We are treating this matter as a criminal matter and, as such, we have referred it to the appropriate authorities. We believe that our decision not to submit to the attacker’s demands is a responsible and appropriate course of action for our company and as a leader in the wider logistics sector – we do not want to encourage these types of attacks against other companies.
Toll also revealed that the malware in question is a new variant of the “mailto” ransomware. Mailto ransomware locks affected files in an unusable “mailto” format. It is unclear whether files can actually be recovered after being encrypted.
“We have shared samples of the affected variant with law enforcement, the Australian Cyber Security Center and cybersecurity organizations to ensure the wider community is protected,” Toll said in a statement.
“There is no indication that any personal data was lost as a result of the ransomware attack on our IT systems. We continue to monitor this while conducting a detailed investigation.
Several other companies have already been targeted by ransomware attacks, including global logistics company Maersk, which was crippled by an attack originating from Ukraine and believed to be the work of the Russian military. This attack cost Maersk nearly $300 million.