Toll Group was hit with a ransomware attack that took down many of its delivery and tracking systems, leaving it unable to tell customers where their parcels were.
The company had to remove up to 500 applications that supported its international operations, spanning 25 countries.
There is a growing sense of anger over how the company has handled its response and the severity of the problem.
Freight delivery giant Toll Group is battling to fully restore its services after a ransomware attack took down many of its delivery and tracking systems, but now it stares at a much bigger problem: customers leaving.
The company was hit with a ransomware attack, known as "Mailto" or "Kazakavkovkiz", two weeks ago, leaving it unable to tell customers where their parcels were.
Toll Group says it has rolled out a deliberately cautious approach to , despite the negative impact it has on customers.
On Sunday, a Toll spokesperson revealed the company had removed up to 500 applications that supported its international operations, spanning 25 countries. However, the company has also said that core systems, including email, phones and end-user devices, have been tested and restored and are operating as normal.
From the outset, we’ve prioritised customer-facing and other critical systems. We now have many of our customers back online and operating essentially as normal, including through large parts of our global cargo-forwarding network and across our logistics warehouse operations around the world. And, we’re progressively reactivating full services on the MyToll parcels booking and tracking portal.
- Spokesperson, Toll
The spokesperson declined to comment on the financial impact of the cyberattack on Toll, or on the penalties it had incurred from clients, saying it was too early to be specific about the impact.
Toll said earlier this month that it was working with the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) as well as companies to help identify the virus and work out how best to respond. The ACSC later released an advisory notice about Mailto, saying it had published a so-called hash of the ransomware – an identifier that other organizations can use to scan their systems and receive a warning if it is found on their network.
At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign. There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user’s address book to spread the malware. There is currently limited information from this compromise on how the malware is spread laterally across a network.
- Australian Cyber Security Centre (ACSC)
Companies including Unilever, Adidas, Nike, Telstra, Optus, Footlocker and Officeworks have been left to fend off disgruntled customers because of indefinite delivery delays. Toll is understood to have been hit by numerous penalty payments due to its failure to fulfill contractual commitments. Many of these companies, though, have declined to comment on Toll's troubles, acknowledging that it has been the victim of a crime.
Privately there is a growing sense of anger over how the company has handled its response and the severity of the problem. The company adopted a deliberately cautious approach in, in order to manage the threat in a methodological and orderly manner.
Toll did not pay the ransom, as is the strategy usually advised by experts, and has declined to say how much was demanded. However, the time taken to investigate the problems and start bringing services back online has caused some of its biggest customers to take their business to rivals.
A Telstra spokesman said its main problem from the Toll hack had been the need to switch from automated deliveries to manual processes. Customers have become accustomed to next-day deliveries as a bare minimum, and expect to be able to see online where their parcels are. The spokesman said Telstra had brought in other delivery companies alongside Toll to try to make sure stock was available and to minimize delays.
Optus, too, has had to make new commercial agreements with Toll's rivals and said it was unable to comment, at this stage, on whether it would resume its work with Toll in the same capacity after the hack was resolved.
The cyberattack on Toll serves as a huge wake-up call to other companies, said cybersecurity experts. The length of delay showed Japanese-owned Toll had understated the severity of the problem in its public statements.
The Toll Group, from the looks of it, is now staring at a long and expensive recovery period.