This article is more than 1 year old

Transport biz Toll Group suffers second ransomware infection in just three months

Which is just dandy seeing as deliveries are just a wee bit important right now

Transport company Toll Group has been slugged by ransomware for the second time in three months.

Toll is a US$8.7bn concern based in Australia but with operations around the globe.

The company yesterday warned customers that it "took the precautionary step yesterday of shutting down certain IT systems after we detected unusual activity on some of our servers.

"As a result of investigations undertaken so far, we can confirm that this activity is the result of a ransomware attack. Working with IT security experts, we have identified the variant to be a relatively new form of ransomware known as Nefilim."

Netfilim was spotted by threat-hunter Vitali Kremez in March, when he fingered it as a mutation of the Nemty ransomware.

Toll was hit by a variant of the Mailto ransomware in early February 2020 and decided to "immediately isolate and disable some systems in order to limit the spread of the attack".

The result was delays to shipments for corporate and individual clients alike. As one of Toll's clients is Australia Post – the nation's postal service – parcel deliveries were among the items delayed.

house on fire

Back when the huge shocking thing that felt like the end of the world was Australia on fire, it turns out telcos held up all right


Back in the bucolic days of February, Australia had mostly stopped burning so those delays were an inconvenience for most.

With the nation in lockdown and delivery services already stretched, this incident is doubly unwelcome.

Toll hasn't explicitly detailed the impact on its services but did say: "We have been in contact from the outset with various customers impacted by the issue and we continue to work with them to minimise any disruption."

The company has also said this infection is unrelated to its last attack and that it can find "no evidence at this stage to suggest that any data has been extracted from our network".

Nor will the company pay a ransom, instead trusting to business continuity plans and manual processes it expects will operate for a further week.

Ransomware attacks are a fact of life, but also preventable. While Toll has copped two new strains and they can be hard to defend, $8.7bn companies utterly dependent on IT to track countless shipments are supposed to have robust defences in place. ®

More about


Send us news

Other stories you might like