Toll Group 'returns to normal' after Mailto ransomware attack

Toll Group has re-enabled track and trace on deliveries and brought its core services back online again, more than six weeks after being infected by a variant of the Mailto ransomware.

The logistics giant said on Wednesday afternoon that its recovery involved a coordinated effort between multiple parties, in part to provide assurance that it had eradicated the malware. 

“Our core services have returned to normal for the majority of our customers across Toll’s global network following the cyber attack on January 31,” Toll Group said. 

“Before bringing applications back online, we implemented important measures to satisfy ourselves that our systems have been cleansed of the Mailto ransomware.

“The nature of the cyber attack required careful, thorough measures to securely restore our global systems, with the support of regulatory bodies, including the Australian Cyber Security Centre of Australia. 

“We understand it was a challenging time for those impacted customers and we thank you for your support and understanding.”

The company said today that its global freight forwarding operating platform, CargoWise One, “is up and running and we’ve reconnected the majority of customers to our integration platforms.”

The reintegration effort spanned several weeks, with the company last providing a status update on that effort in late February.

For Toll Express customers, the company said its “core booking platform, MyToll, is operational, with bookings and track and trace functions now available.”

The company had recovered track functionality earlier this month, but only for new bookings, rather than for parcels already in the delivery network.

In addition, core systems supporting “the majority” of services for global logistics customers had also now been recovered.

Toll Group was infected with a variant of the Mailto ransomware at the end of January this year.

The malware is believed to have infected up to 1000 servers, impacting around 500 corporate applications and compromising critical systems including Active Directory.