Hackers say they encrypted Belarusian Railway servers in protest

A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company.

They say their attack was prompted by Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country.

“At the command of the terrorist Lukashenka, Belarusian Railway allows the occupying troops to enter our land,” the group said today on Twitter.

“We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation and security systems were NOT affected to avoid emergency situations.”

The Belarusian Cyber-Partisans hacktivists say they have the encryption keys for the compromised Belarusian Railway servers. They added that they’re also ready to return the systems to normal mode under some conditions.

They ask for the release of 50 political prisoners in need of medical assistance and want the Russian troops out of Belarus.

On their Telegram channel, the group also shared screenshots from systems compromised in the incident, showing they had access to internal Belarusian Railway systems, Veeam backup servers, the Windows domain controller, and the backup server that contains tens of terabytes allegedly awaiting destruction.

One of the snapshots also shows the Belarusian Railway’s online ticket service throwing an error when running an SQL query.

An alleged screenshot of the Belarusian Railway backup server

While Belarusian Railway has not issued an official statement, the company published an ‘Attention passengers!’ alert on its website today warning of ongoing problems with issuing electronic travel documents.

“For technical reasons, reference web-resources of the Belarusian Railways and services for issuing electronic travel documents are temporarily unavailable. To arrange travel and return electronic travel documents, please contact the ticket office,” the company says.

“Currently, work is underway to restore the performance of the systems. Belarusian Railways apologizes for the inconvenience caused.”

The hackers say today’s attack is part of a more extensive campaign they dubbed “Inferno,” “the largest sabotage cyberattacks in the history of Belarus.”

Today’s attack follows another incident from November when they allegedly compromised and encrypted the entire network “of the Academy of Management under the President.”

The first target was Academy of Public Administration of #Belarus.

We encrypted their whole network.

Left the msg on their PCs they can’t ignore.

Scratched the investigation into our previous Academy hack.

Blocked their website: https://t.co/XnCzZywFCd

More to come! https://t.co/ofmE6VJALX

— Belarusian Cyber-Partisans (@cpartisans) November 17, 2021

Source: https://www.bleepingcomputer.com/news/security/hackers-say-they-encrypted-belarusian-railway-servers-in-protest/