TOLL Group says it is making “good progress” in rebuilding core online systems following this week’s ransomware attack.

As reported in DCN, the company was attacked by a form of ransomware known as Nefilim, the second major cyberattack on it this year.

Toll Group says rebuilding efforts include cleaning affected servers and systems and restoring files from backups.

“In the meantime, our business continuity and manual processes are keeping services moving across many parts of the network although, regrettably, some customers are experiencing delays or disruption,” the company stated.

Freight shipments are currently largely unaffected and parcel deliveries are said to be running essentially to schedule.


Parcel tracking and tracing through the MyToll portal, however, remains offline.

“We are prioritising the movement of essential items, including medical and healthcare supplies into the national stockpile for COVID-19 requirements,” the company said in a statement.

“This includes running charter flights from China.”

Toll also reported “working closely” with large enterprise customers whose services are affected.

“We expect to maintain current business continuity and manual processing arrangements through the week, and we are in regular contact with the Australian Cyber Security Centre regarding the investigation and recovery process,” the company stated. “Toll apologises to customers affected by delays or disruption to services.”