This story has been updated to indicate that the latest incident was a ransomware attack.

Logistics company Toll Group has fallen prey to a second ransomware attack this year.

In a statement, Toll confirmed that a systems outage which began on Monday was the result of the Nefilim ransomware.

"This is unrelated to the ransomware incident we experienced earlier this year," the statement said.

"Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network. We are in regular contact with the Australian Cyber Security Centre (ACSC) on the progress of the incident."

IT News first reported the incident on Monday night, and received confirmation from Toll of that it had “detected unusual activity” on some of its servers.

The MyToll web portal – used to manage parcel and freight shipping – is still offline and displays a message saying the company is “currently experiencing a system outage”.

“As a precautionary measure, we moved quickly to take various IT systems offline, including the servers in question, while we initiated a full investigation,” a spokesperson told IT News.

“We activated our business continuity plan as soon as we disabled the online systems in question, including instigating manual processes to ensure we can keep services moving for our customers.

“We have been working through the day with certain customers who have been impacted.”

When contacting Toll for this story, Information Age also learned that the company was not receiving external emails as a result of the systems outage.

Users took to social media venting their frustration about “unreliable” MyToll being shut down while they wait for packages.

According to Toll, there has been no sign that this incident was related to the ransomware attack in late January that the company was still recovering from three weeks later.

Speaking to the Australian Financial Review after the ransomware attack, Toll’s managing director, Thomas Knudsen, explained his business’ response to cyber incidents.

“In the first 48 to 72 hours, IT stops the attack, you disconnect all the servers and then you start activating the BCPs (business continuity plans) across the business,” Knudsen said.

“The IT team focuses on getting an overview of what actually happened, while the senior leadership team tries to figure out how we structure operations during recovery.”

Knudsen also told the Financial Review he’d been issuing warnings for years that “it's not a question of if you will be hit by a cyber attack, it's when it will happen to you.

“And then the question becomes how impactful will it be?”

The logistics company has struggled during COVID-19 with Knudsen agreeing to take a 40 per cent pay cut while staff hours have been reduced.