The majority of Toll’s domestic networks and consumer access are now operational and the company continues to carry large volumes of international air and ocean freight.

“While we work to restore secure IT systems, Toll teams around the world continue to work tirelessly to ensure customers can access our services and operations across the network, while supporting those customers affected by delays or disruptions,” they said from Toll Group in a statement.

“We are progressing with extensive testing and validation of our IT systems, in collaboration with key customers, with a view to restoring our systems as soon as it is deemed safe and secure for everyone engaging with Toll’s IT network, including customers, employees , suppliers and sellers.”

The Toll Global Express business, which includes the parcel delivery service, continues to operate with a combination of both manual and automated processes. But MyToll, the company's booking and tracking platform, remains offline.

"To the customers affected by this incident, we deeply apologize and assure you that we are working hard to resume normal operations," Toll said.

Toll did not say who launched the attack or how they breached its systems, although the Mailto ransomware used to cripple the company is typically introduced via fraudulent emails. The Australian Cyber ​​Security Center has issued a warning about the new mailto variant that hit Toll and said there is currently "limited information from this compromise about how malware can spread laterally across the network".

The ACSC is not aware if the Toll incident is indicative of a wider campaign.