Toll Hit By Customer Fallout Following Cyberattack
Toll Group says it has rolled out a deliberately cautious approach to restoring its systems after the cyberattack, despite the negative impact it has on customers.
Many companies working with Toll declined to make a public comment on the company’s troubles, admitting it has been the victim of a crime, but privately there is a growing sense of anger over how the company has handled its response and the severity of the problem.
On Sunday, a Toll spokesperson revealed the company had removed up to 500 applications that supported its international operations, spanning 25 countries. The company adopted a deliberately cautious approach in the delay of bringing its systems back online quickly, in order to manage the threat in a methodological and orderly manner.
But individuals have taken to social media to publicly complain that Toll’s customer service line provided minimal information and made promises about impending deliveries that failed to eventuate.
‘From the outset, we’ve prioritised customer-facing and other critical systems. We now have many of our customers back online and operating essentially as normal, including through large parts of our global cargo-forwarding network and across our logistics warehouse operations around the world. And, we’re progressively reactivating full services on the MyToll parcels booking and tracking portal,’ the spokesperson said, according to The Australian Financial Review.
‘Core systems including email, phones and end-user devices have been tested, restored and are operating as normal.
‘For all of that, we know that some of our customers continue to be affected. We’re working with them and we’re doing everything in our power to get them moving as a matter of priority and, importantly, when it’s safe to do so.’
The spokesperson declined to comment on the financial impact the cyberattack took on Toll, or the issues of penalties it had suffered from clients, saying it was too early to be specific about the impact.
Earlier this month, Toll said it was working with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) alongside cyber security companies to help identify the virus and how to respond.
The ACSC later released an advisory notice about Mailto, saying it had published a so-called hash of the ransomeware – an identifier that can be used by other organisations to scan their systems and get warning notifications if it is identified on their network.
Toll has also been working with Federal Police since the attack and the government’s ACSC said on 6 February it was aware of recent ransomeware attacks involving Mailto or Kazakavkovkiz.
‘At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign,’ the ACSC said.
‘There is some evidence that Mailto actors may have used phishing and password spray attacks, and then used compromised accounts to send further phishing emails to the user’s address book to spread the malware.’
‘There is currently limited information from this compromise on how the malware is spread laterally across a network.’
Toll could be in for an expensive and lengthy recovering period.
ChannelNews has contacted Toll for comment.