Australian logistics company Toll has been forced to disable its systems and use non-digital processes after a ransomware attack on Friday (Jan 31) caused delays throughout the country, according to a report by ZDNet.
“We can confirm the cybersecurity incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack,” Toll wrote in an update on Tuesday (Feb. 4). “We moved quickly to mitigate the potential impact and we're undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible.”
The company has more than 40,000 workers and it had to shut down a variety of systems to protect itself, which affected customers across Australia. The company said that no personal data was compromised in the cyberattack.
“We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it,” the statement said. “We're continuing to undertake a thorough investigation and we're working around the clock to restore normal services at the earliest opportunity. We'll continue to provide updates as we securely bring our systems back online.”
In an attempt to clear the amount of undelivered goods affected by the cyberattack, the logistics company was forced to revert to manual processes.
“As a result of our decision to disable certain systems following a recent cybersecurity threat, we're continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption,” Toll said, adding that it’s processing and delivering packages “at reduced speed in some cases.”
On Wednesday (Feb. 5), Toll identified the ransomware as an offshoot of a popular Mailto iteration.
“We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cybersecurity organisations to ensure the wider community is protected,” the updated statement said. “There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our It systems. We continue to monitor this as we work through a detailed investigation.”
The company also said that its processes are returning to normal.