{
	"id": "3e0d1634-3e09-434b-ae7a-5b4de4f2dd11",
	"created_at": "2026-04-06T02:13:16.355906Z",
	"updated_at": "2026-04-10T03:20:42.157513Z",
	"deleted_at": null,
	"sha1_hash": "790d4618fa81274066f7e041e156127dcd42588d",
	"title": "Ransomware Attack Hinders Toll Group Operations",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47632,
	"plain_text": "Ransomware Attack Hinders Toll Group Operations\r\nBy Lindsey O'Donnell\r\nPublished: 2020-02-04 · Archived: 2026-04-06 02:08:24 UTC\r\nCustomers took to Twitter to air their grievances after some of the transportation giant’s operations were downed.\r\nAustralian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key\r\nservices being debilitated and delivery operations being delayed over the past week.\r\nToll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more\r\nthan 1,200 locations in 50 countries. The company is often used by e-commerce giants like eBay to transport\r\nanything from bulk commodities to critical spare parts and medical supplies, according to its website.\r\nIn the aftermath of the company first being hit by the ransomware attack on Friday, customers were reporting an\r\nimpact on operations across Australia, India and the Philippines. Various Toll Group customer-facing services\r\nwere also reportedly debilitated over the weekend, including its MyToll portal, used for creating shipments and\r\nbooking pickups. In a Tuesday update, Toll Group said it has disabled certain systems “as a precautionary\r\nmeasure,” and in the meantime has set up a “combination of manual and automated processes” to keep up with\r\nglobal operations. However, it warned that some customers will still experience delays this week.\r\n“We received a targeted ransomware attack which led to our decision to immediately isolate and disable some\r\nsystems in order to contain the spread of the attack,” the company said in a Tuesday update. “We moved quickly\r\nto mitigate the potential impact and we’re undertaking a detailed investigation with a view to restoring all of the\r\nrelevant systems as soon as possible. In the meantime, we’ve introduced manual systems where required to ensure\r\nwe can continue to meet the needs of our customers.”\r\nThreatpost has reached out to Toll Group for further information on how the company was first infected, what type\r\nof ransomware is involved in the attack, and what its next steps are in paying the ransom.\r\nAccording to reports by ITNews, the ransomware attack infected over 1,000 of the company’s servers and that\r\nglobal staff was told to keep desktops disconnected from the corporate network. Active Directory and corporate\r\nVPN applications are reportedly among those infected and taken offline.\r\nThe company said it has been working with relevant authorities since Friday. It said, at this stage it has seen no\r\nevidence to suggest any personal data has been lost. In the meantime, Toll Group said that all of its processing\r\ncenters are continuing to operate (although some operations at slower speeds), including pick up, processing and\r\ndispatch operations. However, its online booking platform has been temporarily disabled, so customers need to\r\nbook deliveries by calling the company’s contact centers.\r\nhttps://threatpost.com/ransomware-attack-hinders-toll-group-operations/152552/\r\nPage 1 of 2\n\nCustomers took to Twitter to express outrage toward the delivery outages in the days after the attack.\r\nAt least give us a freaking update!!! What on earth do we tell our customers? No ETA at all???\r\n— Hurtle Gear (@HurtleGear) February 3, 2020\r\nhttps://twitter.com/MSullivan17/status/1224554136361791488\r\nRansomware attacks continue to hurt companies and cripple their operations. On New Year’s Eve, foreign\r\ncurrency-exchange giant Travelex was hit in a ransomware attack, which left its customers and banking partners\r\nstranded without its services. Last year, aluminum giant Norsk Hydro fell victim to a serious ransomware attack\r\nthat forced it to shut down or isolate several plants and send several more into manual mode.\r\n“What scares me is that the sheer volume of ransomware attacks is starting to make people numb to their\r\nexistence,”  Chris Morales, head of security analytics at Vectra, told Threatpost. “It’s a regular occurrence now,\r\nand it’s a very concerning and unfortunate reality we are now in.”\r\nSource: https://threatpost.com/ransomware-attack-hinders-toll-group-operations/152552/\r\nhttps://threatpost.com/ransomware-attack-hinders-toll-group-operations/152552/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://threatpost.com/ransomware-attack-hinders-toll-group-operations/152552/"
	],
	"report_names": [
		"152552"
	],
	"threat_actors": [],
	"ts_created_at": 1775441596,
	"ts_updated_at": 1775791242,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/790d4618fa81274066f7e041e156127dcd42588d.pdf",
		"text": "https://archive.orkl.eu/790d4618fa81274066f7e041e156127dcd42588d.txt",
		"img": "https://archive.orkl.eu/790d4618fa81274066f7e041e156127dcd42588d.jpg"
	}
}