In a statement issued on Tuesday about the attack, the second ransomware assault on its servers this year, Toll said there was no chance it would engage with the attackers' ransom demands.
The malware in question is named Nefilim and the attackers also threaten to leak data from their victims in similar fashion to a number of other ransomware groups.
Toll Group managing director Thomas Knudsen said the company was the victim of an "unscrupulous attack".
"I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it."
A security source told iTWire that Toll was the sixth victim of the Nefilim group.
All the organisations hit by the group were big companies, this source pointed out, marking a point of difference with other ransomware groups which generally alternate between attacking small companies and hitting only the occasional large enterprise.
One of Nefilim's victims was the Brazilian firm Cosan, one of the world's big ethanol and sugar producers, which has been accused of using slave labour.
A second, MAS Holdings, has been accused of paying very low wages to its workers.
Aban Offshore, an Indian firm hit by Nefilim, was working in Burma and working to extract natural gas from oil deposits there.
The source said the fourth and fifth Nefilim victims were a company which cuts down rainforests in Brazil to make roads and an oil company that drills offshore.
Given this list of victims, it appeared that the Nefilim group was taking aim at companies with a poor environmental record.
However, Toll Holdings was the odd man out as it did not fit in with the other five companies, the source added.