Toll Group is still working to restore some of its systems and is completing services manually after the Australian courier and logistics giant was hit by a ransomware attack nearly two weeks ago.

Toll revealed earlier this month that it had been hit by a ransomware attack at the end of January, with its IT systems taken down and the company resorting to manual processes.

“We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it,” the company said.

Toll’s systems have been infected with a strain of the Mailto ransomware, which locks the impacted files into the unusable ‘mailto’ format.

The company has reportedly refused to pay the hacker’s ransom and is still working to restore its networks.

Toll posted an update earlier this week, revealing that it is still using manual processes with many of its services.

The majority of Toll’s internal networks and user access is now operational.

For global forwarding, Toll is “continuing to move large volumes of international air and ocean freight shipments”, with turnaround times affected.

The company’s parcel delivery service, Global Express, is operating through a combination of manual and automated processes.

“A key priority is to bring our booking and tracking platform back online,” the update said. “We expect customers to be able to use this platform for some services towards the end of the week as we progressively roll out the full functionality of the platform.”

Toll’s transport services are also operating through manual and automated systems, with “minimal interruption” to most customers, while Global Logistics is “working with customers to restore key warehouse and transport applications”.

“As we work towards reinstating IT systems securely, Toll’s teams across the globe are continuing to work tirelessly to ensure customers have access to our services and operations across the network, while supporting those customers affected by delays or disruption,” Toll said.

“We are progressing with thorough testing and validation of our IT systems, in collaboration with key customers, with a view to restoring our systems as soon as it is deemed safe and secure for anyone who engages with Toll’s IT network including customers, employees, suppliers and vendors.

“We continue to operate with our business continuity plans and work on technical recovery. For customers impacted by this incident, we deeply apologise and reassure you that we are working hard to resume normal operations.”

Toll has shared samples of the malicious software with law enforcement, the Australian Cyber Security Centre and cybersecurity organisations.

The company has said there is “no indication that any personal data has been lost”.

Toll isn’t the first company this year to be feeling the effects of a ransomware attack, with global currency exchange Travelex still working to fully restore its systems after a similar attack at the end of last year.

Hackers behind the attack on Travelex demanded a ransom to restore the company’s systems and return customer data, forcing the company to conduct services manually and leaving customers using pre-loaded cards in the lurch.

After initially claiming it was the result of a “software virus”, Travelex confirmed it had been hit with ransomware that encrypted the files on its network and demanded a ransom in exchange for decryption.

The hackers have reportedly demanded a ransom of more than $8.5 million in exchange for decrypting the 5GB of customer data that was obtained.