Logistic company Toll Group is still not fully online following a ransomware attack that brought down its IT systems last week.

In an update yesterday afternoon, Toll said it was bringing its systems “progressively online” after one of its “core IT systems” was securely reactivated last week.

“At the same time, we’re continuing to support our large enterprise customers whose services are affected by the disruption to online operations,” the company said.

“While there are delays in some parts of the network, freight shipments and parcel deliveries are moving by and large as normal, with Toll call centres taking bookings over the phone.”

The customer portal, MyToll, now redirects to a page informing customers of the outage and giving options for how to make phone bookings.

Some of Toll’s employees have email again, too.

Last week’s incident was the second ransomware attack to topple Toll’s systems this year.

Late January, the company discovered it had been infected with the Mailto ransomware – an attack from which it took Toll some three weeks to fully recover.

As with January’s incident, Toll said it has “no intention” to engage with the cyber criminals behind the ransomware.


The ransomware used to send Toll back to the phones is known as Nefilim which was first spotted in March.

Cybersecurity researchers told Bleeping Computer that the ransomware encryption used by Nefilim had not been cracked and therefore couldn’t be easily decrypted.

A sample ransom note from the malware tells the user that their files “have been encrypted with military grade algorithms”.

Along with the usual data hostage situation, Nefilim also claims to have exfiltrated information from the infected system.

“A large amount of your private files have been extracted and is kept in a secure location,” the ransom note says.

“If you do not contact us in seven working days of the breach we will start leaking the data.”

Sky News revealed last week that the Nefilim ransomware was used to target Sri Lankan lingerie company, MAS Holdings, which produces clothes for Nike, Victoria’s Secret, and singer Beyonce’s clothing line.

In that instance, the hackers claimed to have taken 300GB worth of data including financial documents like workers’ payroll files.

MAS Holdings refused to comment on the breach.