The incident is thought to be one of the first times ransomware has been used in hacktivism
Belarusian hacktivists claim to have infected the country’s rail network with ransomware in a bid to stop the Russian military from mobilising around Ukraine.
The Cyber Partisan hacktivists claim to have encrypted “the bulk of the servers, databases, and workstations” belonging to the Belarusian Railways, and destroyed their backups, according to posts on Telegram and Twitter.
Cyber Partisan is demanding the release of 50 political prisoners who are in need of medical assistance and assurances that Russian troops will stop mobilising on Belarusian soil – a country that shares a border with Ukraine and whose leader has a close relationship with Vladimir Putin,
“BelZhD, at the command of the terrorist Lukashenko, these days allows the occupying troops to enter our land,” the Telegram message read. “As part of the ‘Peklo’ cyber campaign, we encrypted the bulk of the servers, databases, and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed.
“Dozens of databases have been cyberattacked, including AS-Sledd, AS-USOGDP, SAP, AC-Pred, pass.rw.by, uprava, IRC, etc. Automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations.”
In the online posts, the group echoed the message shared by Belarusian rail workers on Friday that more than 33 Russian military trains containing equipment and soldiers would be entering Belarus. The message was also corroborated by reports from other news outlets.
We have encryption keys, and we are ready to return Belarusian Railroad’s systems to normal mode. Our conditions:🔺 Release of the 50 political prisoners who are most in need of medical assistance.🔺Preventing the presence of Russian troops on the territory of #Belarus. https://t.co/QBf0vtcNbK— Belarusian Cyber-Partisans (@cpartisans) January 24, 2022
Belarusian Railways published a statement on Monday confirming that it was experiencing difficulties and that some services were unavailable, though no mention of compromised systems, databases, or servers was mentioned – nor was ransomware.