Ransomware Attack Hinders Toll Group Operations | Threatpost

Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week.

Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is often used by e-commerce giants like eBay to transport anything from bulk commodities to critical spare parts and medical supplies, according to its website.

After the company was first hit by the ransomware attack on Friday, customers reported an impact on operations across Australia, India and the Philippines. Various Toll Group customer-facing services were also reportedly debilitated over the weekend, including its MyToll portal, used for creating shipments and booking pickups. In a Tuesday update, Toll Group said it has disabled certain systems “as a precautionary measure,” and in the meantime has set up a “combination of manual and automated processes” to keep up with global operations. However, it warned that some customers will still experience delays this week.

“We received a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to contain the spread of the attack,” the company said in a Tuesday update. “We moved quickly to mitigate the potential impact and we’re undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible. In the meantime, we’ve introduced manual systems where required to ensure we can continue to meet the needs of our customers.”

Threatpost has reached out to Toll Group for further information on how the company was first infected, what type of ransomware is involved in the attack, and what its next steps are in paying the ransom.

1/2 As a precautionary measure, Toll has made the decision to shut down a number of systems in response to a cyber security incident. Several Toll customer-facing applications are impacted as a result. Our immediate priority is to resume services to customers as soon as possible.

— Toll Group (@Toll_Group) February 3, 2020

According to reports by ITNews, the ransomware attack infected over 1,000 of the company’s servers, and global staff was told to keep desktops disconnected from the corporate network. Active Directory and corporate VPN applications are reportedly among those infected and taken offline.

The company said it has been working with relevant authorities since Friday. It said that, at this stage, it has seen no evidence to suggest any personal data has been lost. In the meantime, Toll Group said that all of its processing centers are continuing to operate (although some at slower speeds), including pick up, processing and dispatch operations. However, its online booking platform has been temporarily disabled, so customers need to book deliveries by calling the company’s contact centers.

Customers took to Twitter to express outrage toward the delivery outages in the days after the attack.

At least give us a freaking update!!! What on earth do we tell our customers? No ETA at all???

— Hurtle Gear (@HurtleGear) February 3, 2020

While I have some sympathy that the initial situation was partially out of your control, your handling and communication has been a complete joke. I can imagine a lot of companies will never use your service again as you have no backup plan for IT outages.

— Matt Sullivan (@MSullivan17) February 4, 2020

I’m in the same boat. They can’t even give me a list of shops I can check manually.
I asked them to call the driver but they only communicate via their system.
Looks like they have zero process in case of an IT outage. I’ve called them 5 times over the last 5 days.

— mockier (@mockier) February 2, 2020

Ransomware attacks continue to hurt companies and cripple their operations. On New Year’s Eve, foreign currency-exchange giant Travelex was hit in a ransomware attack, which left its customers and banking partners stranded without its services. Last year, aluminum giant Norsk Hydro fell victim to a serious ransomware attack that forced it to shut down or isolate several plants and send several more into manual mode.

“What scares me is that the sheer volume of ransomware attacks is starting to make people numb to their existence,” Chris Morales, head of security analytics at Vectra, told Threatpost. “It’s a regular occurrence now, and it’s a very concerning and unfortunate reality we are now in.”