Cyber incident deemed a “new variant” of Mailto ransomware
Toll has divulged more information on the cyberattack that crippled its IT systems as the logistics giant gradually restores its operations.
In its most recent update it says it is continuing its roll-out of business continuity measures in response to the recent cyber-attack though offers no set date for full restoration.
“Many of our customers are now able to access our services across large parts of the network globally including freight, parcels, warehousing and logistics, and forwarding operations.
“Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels.
“We have also increased staffing at our contact centres to assist with customer service.
“Notwithstanding the fact services are being provided largely as normal, some customers are experiencing delays or disruption and we’re working to address these issues as we focus on bringing our regular IT systems back online securely.”
Toll noted in its last update it referred the attack to criminal investigators
Toll re-iterates its earlier contention that there’s no indication any personal data was lost as a result of the ransomware attack on its IT systems.
“We continue to monitor this as we work through a detailed investigation,” it says.
It explains the ransomware is a new variant of the Mailto ransomware, which sources say attacks Windows systems and can spread through typical means such as spam email attachments and malicious hyperlinks.
“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected,” Toll adds.
UPDATE: As of Thursday, Toll says its focus is on restoring relevant underlying infrastructure and fully-automated systems, and on conducting a thorough review of affected IT hardware.
“In doing so, we are working closely with our cyber security advisers to ensure that any risk associated with this incident has been appropriately managed and neutralised.
“At the same time and based on our ongoing business continuity measures, many of our customers are continuing to access services across large parts of the network globally.
“Regretfully, some customers are experiencing delays or disruption while we work towards bringing our regular IT systems back online securely.
“Our teams across our operations are working with affected customers, including via our call centre where additional resources are on hand to help customers with queries about parcel deliveries.”