Toll was attacked using the Nefilim ransomware that runs only on Windows systems.
Among the documents, released as one text file and one zipped file, are many files dealing with compliance requirements for other countries, financial documents, tax invoices and the like.
Toll announced on 5 May that it had been compromised by the ransomware. This was the second attack on Toll this year, with the first in February being through use of the Mailto ransomware.
A screenshot of the announcement about the Toll documents on the dark web. Supplied
It appears that the company, a huge business, had pretty good back-ups as there has been no sign of any communication with the attackers.
The second lot of documents related to Toll's dealings with Samsung, the South Korean conglomerate, and were posted on 5 June.
There were two links that time too, one being a text file that listed the names of the documents. The second, coming in at 4.6 gigabytes, included the documents themselves.
Contacted for comment, iTWire's regular commentator Brett Callow, a threat researcher with the New Zealand-headquartered security outfit Emsisoft, said: “Toll’s decision not to pay was a smart one. Law enforcement agencies everywhere advise against paying, and they do so for a reason: paying keeps the criminals in business.
"If every company were to stop paying tomorrow, ransomware would cease to be a problem tomorrow. It’s that simple.”
Contacted for comment, a Toll spokesperson said: "We're aware that certain information has been published to the dark web. We're investigating the precise nature of the information, with the support of our cyber security partners. We continue to work closely with relevant federal authorities on the matter."