IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Belarusian hacktivists target railway in bid to halt Russian military

The incident is thought to be one of the first times ransomware has been used in hacktivism

Belarusian hacktivists claim to have infected the country's rail network with ransomware in a bid to stop the Russian military from mobilising around Ukraine.

The Cyber Partisan hacktivists claim to have encrypted "the bulk of the servers, databases, and workstations" belonging to the Belarusian Railways, and destroyed their backups, according to posts on Telegram and Twitter.

Cyber Partisan is demanding the release of 50 political prisoners who are in need of medical assistance and assurances that Russian troops will stop mobilising on Belarusian soil - a country that shares a border with Ukraine and whose leader has a close relationship with Vladimir Putin.

"BelZhD, at the command of the terrorist Lukashenko, these days allows the occupying troops to enter our land," the Telegram message read. "As part of the 'Peklo' cyber campaign, we encrypted the bulk of the servers, databases, and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed.

"Dozens of databases have been cyberattacked, including AS-Sledd, AS-USOGDP, SAP, AC-Pred,, uprava, IRC, etc. Automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations."

In the online posts, the group echoed the message shared by Belarusian rail workers on Friday that more than 33 Russian military trains containing equipment and soldiers would be entering Belarus. The message was also corroborated by reports from other news outlets.

Belarusian Railways published a statement on Monday confirming that it was experiencing difficulties and that some services were unavailable, though no mention of compromised systems, databases, or servers was mentioned - nor was ransomware.

"For technical reasons, services for issuing electronic travel documents are temporarily unavailable," it said. "To arrange travel and return electronic travel documents, please contact the ticket office.

"Currently, work is underway to restore the performance of the systems. Belarusian Railways apologises for the inconvenience caused."

At the time of writing, IT Pro can confirm online ticket sales are still impacted and are unavailable, with customers greeted with the following message.

Screenshot of the message appearing on Belarusian Railways website when trying book tickets online

IT Pro

Tensions in the region

Russia has seized Ukrainian territory in the past and in recent months has stepped up its calls against Ukraine joining European institutions, with a particular focus on Nato. Ukrainians have been preparing for a possible invasion by Russia for months, with many in the region fearful of a war looming.

Related Resource

Seven leading machine learning use cases

Seven ways machine learning solves business problems

Whitepaper front coverFree Download

In recent weeks, both the US and UK have withdrawn significant numbers of embassy staff and their families out of the region, which may indicate that the two allies believe an invasion is likely. 

Today, the US has placed 8,500 of its soldiers on alert amid mounting tensions of Russian troops mobilising at the Ukrainian border. Western powers are showing unanimous unity on the matter, saying they will step in with "swift" and "unprecedented" actions if Russia was to invade Ukraine.

The news follows days of unsuccessful negotiations between President Biden and President Putin in Geneva - failed talks that also prompted the FBI, NSA, DHS, and CISA to issue an alert to cyber security professionals that a Russian-linked cyber attack may be launched on critical infrastructure in relation to the worldwide tensions.

"The cybersecurity industry has gotten used to tossing around the idea of ‘nation-state’ adversaries, but I think we’ve yet to see cyber attacks used in concert with a full-fledged military campaign," said Tim Erlin, VP of strategy at Tripwire to IT Pro. "DHS’s warning sets that expectation that something has changed in the threat profile, and that organisations should be prepared for a change in the types of attacks they see."

Brief overview of hacktivism

It's thought the alleged ransomware attack on Belarusian Railways is one of the first times ransomware has been used in hacktivism but the practice of campaigning by hitting systems offline is well documented.

There were a number of high-profile hacktivist 'attacks' in 2021 alone, with right-wing social media platform Parler, and Verkada's surveillance cameras among the victims targeted by hackers. The Adalat Ali hacking group also exposed the beatings and mistreatment of prisoners in Iran's Evin prison in August 2021 out of protest against the abject living conditions.

Anonymous, LulzSec, and WikiLeaks are among some of the most well-known hacktivist groups in the world.

Hacktivism is a controversial practice with some seeing it as an effective means of campaigning while others believe the level of civil disobedience, and often the damage such attacks cause, goes beyond the acceptable level of resistance exhibited in more traditional forms of protest.

The US sees hacktivism as a significant threat and are categorised similarly, in the eyes of the law, to terrorist groups and transnational criminal organisations.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


What is cyber warfare?

What is cyber warfare?

15 Oct 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022