Toll Group
Toll Group, one of Australia's largest logistics companies, was hit by a targeted ransomware attack using the Mailto variant, forcing the shutdown of IT systems and causing widespread delivery disruptions across the country.
What Happened
On 31 January 2020, Toll Group detected unauthorised activity on its network and immediately shut down IT systems to contain the attack. The company confirmed it had been targeted by the Mailto ransomware variant, a sophisticated strain that encrypts files and demands payment for decryption keys.
The attack forced Toll to take down critical IT systems, including email, customer portals, and operational systems used for freight tracking and delivery coordination. The Australian Cyber Security Centre (ACSC) was engaged to assist with the response. Toll refused to pay the ransom and instead focused on restoring systems from backups.
Impact on Individuals
The ransomware attack caused significant disruption to delivery services across Australia, affecting both businesses and individuals waiting for shipments. While Toll continued manual operations where possible, the loss of IT systems created delays and reduced visibility into shipment status for customers.
Organisational Response
Toll Group Managing Director Thomas Knudsen publicly acknowledged the attack and provided regular updates to customers. The company worked with the ACSC, the Australian Federal Police (AFP), and cybersecurity specialists to investigate the breach and restore systems. Toll implemented enhanced security measures and accelerated plans to modernise its IT infrastructure. Notably, Toll would be hit by ransomware again just three months later, in May 2020, highlighting the persistent threat facing critical infrastructure providers.