Belarus: Hacktivists attack the railway

A group of cyberactivists from Belarus have launched a ransomware attack on the country’s railway system in protest against President Alexander Lukashenko and Russian troop movements in the country.

On Monday, Belarusian hacktivists announced on Twitter that they had encrypted the computer systems of the Belarusian railway network, paralyzing the system and disrupting the sale of tickets.

The group also criticized Alexander Lukashenko and provided a list of demands in exchange for the decryption keys needed to unlock the system.

Political demands

“By order of the terrorist Lukashenko, Belarusian Railway allows occupation troops to enter our territory. We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation and safety systems have NOT been affected to prevent emergency situations,” said the group.

“We have the encryption keys, and we are ready to restore the Belarusian Railroad company’s systems to normal mode. Our conditions: the release of the 50 political prisoners who most need medical assistance and preventing the presence of Russian troops on the territory of Belarus.”

Yuliana Shemetovets, a Belarusian activist and spokesperson for the group, told ZDNet that the goal is to disrupt the rail system “so that it can indirectly affect Russian troops who use it for their purposes (as part of a potential attack from Ukraine).”

The fear of an occupation and a coming war

According to The Washington Post, the Belarusian Defense Ministry announced on Monday the arrival of Russian troops in the country for military exercises. Russia also sent 12 Su-35 fighters, two S-400 battalions and a Pantsir-S air defense system to Belarus as part of this. But US leaders believe the troop movements could be part of a Russian plan to invade Ukraine from the north.

“Belarusian cyber partisans do not want Russian soldiers in Belarus, because [this situation] undermines the country’s sovereignty and puts it in danger of occupation, also dragging it into a war with Ukraine. And it is likely that Belarusian soldiers will have to participate and die in this pointless war,” accuses Yuliana Shemetovets.

Yuliana Shemetovets explains that the group encrypted most of the railway company’s servers, databases and workstations. The group gained access to the railroad’s systems in December.

“Backups have been destroyed. Dozens of databases were attacked, including AS-Sledd, AS-USOGDP, SAP, AC-Pred, uprava, IRC, etc. The automation and security systems were deliberately left untouched by the cyberattack in order to avoid emergency situations,” says the activist.

Positive reactions despite the impact on some passengers

The attack affected some Belarusian citizens who were trying to use the railway system’s ticketing platform, Yuliana Shemetovets said, adding that her group was working to restore the system so that ordinary citizens were not affected. The Belarusian Railways website was back online on Monday evening.

“We have received only positive reactions so far (people who write to us are ready to put up with the situation so that the main objective is achieved). The main targets are freight trains, but it seems that passenger schedules have also been affected.

“The government declined to comment. We have to wait a bit longer to see how it actually affected them. As long as Lukashenko’s dictatorial regime is in place, the members of the group will continue their work.”

The government declines to comment.

The government did not respond to requests for comment and did not issue a statement on the situation.

But Belarusian Railways issued a statement acknowledging the problem and saying that any web resources or services “issuing electronic travel documents” were temporarily unavailable. They added that they were working to restore the system and urged customers to contact their offices for travel documents.

Since the start of the protests against Lukashenko in 2020, Belarusian “cyberpartisans” have been trying to undermine the regime in place by disseminating documents showing widespread corruption and police brutality. The group is made up of former IT workers from Belarus, according to profiles by Bloomberg, the MIT Technology Review and The Washington Post.

An unprecedented situation

ZDNet has interviewed several ransomware experts, for whom this situation is unprecedented.

Emsisoft threat analyst Brett Callow is unaware of a similar situation where ransomware has been deployed in this way. “When it comes to helping activists achieve their goals, ransomware is as effective, if not more effective, than any other tool in their arsenal. And, of course, the barriers to entry are lower than ever thanks to ready-made user IDs and ransomware that are readily available,” he explains.

Allan Liska of Recorded Future echoed the remarks, telling ZDNet he had never seen anything like it before. This situation “reminds me a bit of the escalation that we saw with the kidnappings of the Red Brigades in the 70s and 80s. What started as simple kidnappings evolved into more radical behavior and assassinations. Ransomware has evolved from encrypting single machines to encrypting entire networks, and the types of extortion demanded have continued to evolve,” he says. “This could be the next leap in the evolution of ransomware, like an aberration.”
