Toll reintegrates with customers' IT systems after ransomware attack

Toll Holdings says it is in the “final stages” of reactivating its IT systems and reintegrating them with major customers almost one month after experiencing a devastating ransomware attack.

“Toll is working through the final stages of IT systems reactivation,” it said in an update on Wednesday morning, its first in about a fortnight.

“This has been a progressive process which, since much of last week, has had Toll operating essentially as normal across large parts of our international network. 

“We’re moving air and ocean freight shipments, and most of our global logistics systems have resumed regular services.”

The company said that a major focus had been “engaging with customers across our operations, particularly those who’ve experienced ongoing disruption.” 

“In specific cases, we’re working with some of our customers one-on-one to reintegrate relevant systems and to provide them with information that they can share with their own customers regarding interim service delivery,” it said.

The company’s self-serve MyToll portal still remains offline, though Toll said it anticipated being able to restart online bookings via the portal this week.

Still, MyToll’s status meant that customers could still not track-and-trace parcels online, though Toll suggested contacting it through other channels such as its contact centre to check in.

Come Friday this week, it will be a month since Toll Group was infected with a variant of the Mailto ransomware.

The malware is believed to have infected up to 1000 servers, impacting around 500 corporate applications and compromising critical systems including Active Directory.