UPDATED 21:03 EST / FEBRUARY 03 2020

SECURITY

Transport company Toll Group crippled in suspected ransomware attack

Australian transport company Toll Group has suffered a “security incident” that made customers unable to send, receive or track their shipments.

The company, which has operations across the globe, including mainland China, offers transportation and logistics services. Its delivery service appears to be the hardest hit.

“As a precautionary measure, in response to a cybersecurity incident on Friday, Toll deliberately shut down a number of systems across multiple sites and business units,” the company said in a statement. “Toll IT teams are working closely with global cybersecurity experts to resolve the issue” and “making progress with our recovery activities to restore our systems and Toll customer-facing applications.”

Missing from the statement is exactly what sort of cybersecurity incident this was, though there’s speculation that it was likely a ransomware attack. ITNews, quoting a source familiar with the matter, said the ransomware attack had affected more than 1,000 servers and that staff worldwide had been told to leave desktops and laptops switched off and disconnected from the corporate network.

Systems at the company remained offline today. Reports indicated that the company had resorted to processing deliveries manually. Operations in Australia, India and the Philippines are also said to have been hard hit.

“If it is ransomware, this could be bad news for the company,” Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “We’ve seen cybercriminals get more and more cunning with their ransomware infections. No longer are they just satisfied with encrypting data and demanding payment, but they take the opportunity to steal data and credentials, and use those as extra leverage against the victim organization.”

As a result, he added, the benefit of having offsite backups or threat detection controls begins to diminish, and it becomes imperative that organizations protect against infection to begin with. “When we look at the most common attack vectors, this usually boils down to knowing where all assets are, ensuring public-facing systems are patched, multi-factor authentication is deployed where possible, and perhaps most importantly, all staff are provided effective security awareness and training so that they can recognize phishing or other social engineering attacks and report them,” he said.

Photo: Toll Group/Wikimedia Commons
