In a statement released on Tuesday, Toll said it had shut down some of its systems as a precaution.
The company said it would not entertain the idea of paying a ransom to extricate itself from the situation.
It claimed that there was no evidence to show that any data had been exfiltrated from its network.
In February, Toll was hit by ransomware known as Mailto.
"We are in regular contact with the Australian Cyber Security Centre on the progress of the incident," the Toll statement said.
"Toll’s priority is the safety and security of our customers, employees and vendor partners and, to that end, we have business continuity plans and manual processes in place to keep services moving while we work to resolve the issue. We expect these arrangements to continue for the remainder of the week.
"We have been in contact from the outset with various customers impacted by the issue and we continue to work with them to minimise any disruption."
Commenting on the incident, Mark Sinclair, ANZ regional director for security outfit Watchguard Technologies, said it was unusual to see a company get hit by ransomware twice in a fairlys short period.
"Nefilim features the added threat that sensitive data may be released by the attackers if the ransom is not paid," he said. "This is a step up in the battle against ransomware and it is a strong reminder to businesses that prevention is much better than a cure.
"Stopping ransomware in the first place should be a priority. This includes having technology protections such next-gen firewalls, advanced endpoint protection and multi-factor authentication but also ongoing user awareness training.
"Users are often overlooked, but awareness training can be one of the most effective mitigation strategies."
Mark Perry, Asia-Pacific chief technology officer with PIng Identity, said: "The threat from ransomware attacks is increased when many workers are operating from non-office environments, perhaps on non-company supplied devices.
"For organisations, this way of working will become the new normal, and IT departments need solutions that not only mitigate the risks, but are fast to deploy and easy to maintain.
"Multi-factor authentication that uses a risk-based approach to user login and authorisation is a 'quick win' for many organisations in the fight against attackers.
"Using the data available from a user's smartphone, rogue requests for access to applications, devices and data can be matched against previous usage, and obvious anomalies, like a request from overseas 30 minutes after a successful local login, can be blocked, and security systems notified."