In protest of the regime and Russian army advance, Belarusian activists conduct a ransomware assault against a railway

In protest of Belarus President Alexander Lukashenko and Russian army moves in the nation, an activist group in Belarus launched a ransomware assault against the country’s railway system.

Belarusian Cyber-Partisans took to Twitter on Monday to claim that they had encrypted Belarusian Railways’ networks, crippling the system and interrupting ticket sales. The group chastised Lukashenko and laid out a list of demands in return for the encryption keys that would allow the system to be unlocked.

“The tyrant Lukashenko’s leadership authorises the invading soldiers to enter our country through the #Belarusian Railway. To impair BR’s activities, we encrypted certain of its servers, databases, and workstations. To prevent emergency circumstances, automation and security systems were not impacted,” explained the collective.

“We have encryption keys and are ready to restore normalcy to the Belarusian Railroad’s systems. Our circumstances are as follows: The release of 50 political prisoners who are in desperate need of medical attention. Preventing Russian soldiers from entering Belarusian territory.”

We possess encryption keys and are prepared to restore normalcy to the Belarusian Railroad’s systems. Our circumstances are as follows:

🔺 Release of the 50 political prisoners who are most in need of medical assistance.
🔺Preventing the presence of Russian troops on the territory of #Belarus. https://t.co/QBf0vtcNbK

— Belarusian Cyber-Partisans (@cpartisans) January 24, 2022

The group’s objective, according to Yuliana Shemetovets, a Belarusian activist and spokeswoman, was to impair the railway infrastructure “so that it might indirectly impact Russian forces utilising it for their goals (possible invasion on Ukraine).”

The Belarusian Defense Ministry warned on Monday that Russian soldiers were coming to the nation for military drills, according to The Washington Post. As part of the troop transfer, Russia is deploying 12 Su-35 fighter jets, two S-400 battalions, and a Pantsir-S air defence system to Belarus, but US officials say it’s all part of a Russian strategy to attack Ukraine from the north.

“[Belarusian Cyber-Partisans] oppose Russian military in Belarus because it jeopardises the country’s sovereignty and puts it at risk of occupation. Belarus is also dragged into a conflict with Ukraine. And, most likely, Belarusian troops would be forced to fight and perish in this pointless conflict,” Shemetovets said.

According to Shemetovets, the organisation encrypted the majority of the railway’s servers, databases, and workstations. In December, they were granted access to the railway’s systems for the first time.

“Backups have been obliterated. AS-Sledd, AS-USOGDP, SAP, AC-Pred, http://pass.rw.by, uprava, IRC, and other databases have all been hacked. In order to minimise emergency circumstances, the automation and security systems were purposefully not impacted by a cyber assault,” Shemetovets added.

Shemetovets acknowledged that the assault had harmed some Belarusians attempting to utilise the railway system’s ticketing platform, but promised that the system will be restored such that ordinary individuals would not be harmed. By Monday night, the Belarusian Railways website had been restored.

“So far, we’ve only gotten favourable comments (people that were writing to us are ready to put up with it a little so the major goal is achieved). Freight trains were the primary target, but passenger timetables seem to have been impacted as well,” Shemetovets said.

“The administration has declined to comment. We’ll have to wait a bit longer to see how they were impacted. CPs will continue their activity as long as Lukashenko’s autocracy reigns.”

The government has not responded to requests for comment or issued a statement about the situation. Belarusian Railways, however, issued a statement confirming the problem and stating that any online resources or services “producing electronic travel papers” are now inaccessible. The company added that it is attempting to get the system back up and running, and that customers should contact its offices for travel papers.

Belarusian Cyber-Partisans have been working to overthrow Lukashenko’s rule since demonstrations erupted in 2020, exposing stolen documents demonstrating massive corruption and police mistreatment. According to Bloomberg, The MIT Technology Review, and The Washington Post, the group is made up of former Belarusian IT professionals.

Experts in the field of malware told ZDNet that they had never seen ransomware employed in this manner before. Brett Callow, an Emsisoft threat analyst, said he was unaware of any case in which ransomware was used in this manner.

“Ransomware is as successful, if not more effective, than any other instrument in hacktivists’ armoury in terms of achieving their goals. And, of course, the entrance hurdles are lower than ever, given the widespread availability of both user credentials and off-the-shelf ransomware,” according to Callow.

Allan Liska of Recorded Future echoed the same sentiments, telling ZDNet that he had never seen anything like it.

“This reminds me of the kidnappings carried out by the Red Brigades in the 1970s and 1980s. Simple kidnappings quickly evolved to more extremist activity and killing. Ransomware has progressed from encrypting single PCs to encrypting whole networks, and the forms of extortion required have changed as well,” Liska said.

“This might be the next step in ransomware development, or it could be an anomaly.”