Watch Now


Toll Group victimized by ransomware attack

Toll Group confirmed it was the target of a ransomware attack. (Photo Credit: Jim Allen/FreightWaves)

(Updated May 13, 12:20 A.M ET, with comment from Toll)

Australian logistics and freight transport powerhouse Toll Group announced on Tuesday that cybercriminals using ransomware known as “Nefilim” attacked its systems last week.

A corporate server containing information on current and former Toll employees and customers was infiltrated.

The Melbourne-based company said it shut down its information technology systems to mitigate the risk of further infection and has not given in to demands to pay a ransom in exchange for being allowed access to its data again. Toll noted that the server is not a database for customers’ operational data.


Toll, ranked among the top 20 third-party logistics providers in the world by gross revenue, said it is still investigating what specific data the attackers downloaded. It said the unidentified attacker is known to publish stolen data on the so-called dark web rather than conventional online platforms.

It is the second time this year hackers have targeted Toll Group. On Feb. 1, the company notified the public it may have been the target of a cyberattack and that it had shut down its systems as a precaution.

Ransomware is a virus that locks a hard drive, rendering it inaccessible to the user, until a ransom is paid, generally in a cryptocurrency not tied to any regulated banks. Like all forms of cyberattacks, it is becoming an increasing problem in the freight and logistics sectors. Since last summer, ransomware outages have hit Truckstop.com, less-than-truckload carrier A. Duie Pyle and other companies. Container shipping giant Mediterranean Shipping Co. was the apparent victim of a cyberattack earlier this year. And in 2017, the biggest shipping line in the world, A.P. Moller-Maersk Group, was crippled by a cyberattack.

The Netfilim ransomware variant is a relatively new and sophisticated form of malware and is unrelated to the previous attack, a Toll Group spokesperson said.


Law enforcement agencies recommend against paying ransoms because there is no guarantee companies will get their data back.

Toll is working with the Australian Cyber Security Centre and the Australian Federal Police on the investigation.

“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologize unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it,” Managing Director Thomas Knudsen said in a statement.

Toll said it expects that it will take a number of weeks to determine more details and has begun contacting people believed to have been impacted. It is also providing individuals with online security monitoring tools.

Cybercrime poses “an existential threat for organizations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combating the very real risk it presents to the wider community,” Knudsen said.

Toll Group has a large U.S. division that offers multimodal international and domestic freight transportation and warehousing services.

(Correction: A. Duie Pyle’s name was misspelled in an earlier version of this story.)


Eric Kulisch

Eric is the Supply Chain and Air Cargo Editor at FreightWaves. An award-winning business journalist with extensive experience covering the logistics sector, Eric spent nearly two years as the Washington, D.C., correspondent for Automotive News, where he focused on regulatory and policy issues surrounding autonomous vehicles, mobility, fuel economy and safety. He has won two regional Gold Medals and a Silver Medal from the American Society of Business Publication Editors for government and trade coverage, and news analysis. He was voted best for feature writing and commentary in the Trade/Newsletter category by the D.C. Chapter of the Society of Professional Journalists. He won Environmental Journalist of the Year from the Seahorse Freight Association in 2014 and was the group's 2013 Supply Chain Journalist of the Year. In December 2022, Eric was voted runner up for Air Cargo Journalist by the Seahorse Freight Association. As associate editor at American Shipper Magazine for more than a decade, he wrote about trade, freight transportation and supply chains. He has appeared on Marketplace, ABC News and National Public Radio to talk about logistics issues in the news. Eric is based in Vancouver, Washington. He can be reached for comments and tips at ekulisch@freightwaves.com