TOLL Group has confirmed it has come under ransomware attack, the second cyber assault on the company this calendar year.

In a statement sent to Daily Cargo News, Toll reported shutting down certain IT systems on Monday after the detection of unusual activity on some servers.

“As a result of investigations undertaken so far, we can confirm that this activity is the result of a ransomware attack,” the company stated.

“Working with IT security experts, we have identified the variant to be a relatively new form of ransomware known as Nefilim.


“This is unrelated to the ransomware incident we experienced earlier this year.”

Toll says it is in regular contact with the Australian Cyber Security Centre.

“Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network,” the statement read.

“Toll’s priority is the safety and security of our customers, employees and vendor partners and, to that end, we have business continuity plans and manual processes in place to keep services moving while we work to resolve the issue.”

These arrangements are expected to continue for the remainder of the week. 

“We have been in contact from the outset with various customers impacted by the issue and we continue to work with them to minimise any disruption,” the statement concluded.