The network of the Belarusian Railway may be attacked again.
The Cyber Partisans claimed to have attacked the computer network of the Belarusian Railway, after which it was reported that the Belarusian Railway had a system failure: servers and internal services stopped working, and tickets could only be purchased through ticket offices.
Belsat reporters spoke to a representative of the Cyber Partisans community about the incident.
- Is it reasonable to believe that without the encryption keys the Belarusian Railway cannot operate as usual and will not recover from this attack for some time?
- We may assume that even though we have deleted 100 terabytes of backups of the databases, the Belarusian Railways may still have copies of some databases that have not been deleted and they may be able to restore some of them, but it will take at least several weeks and there will still be databases that will have to be built from scratch. And if our demands are not met, it is possible that the network could be attacked again.
- What are the consequences of your actions for the railway and the authorities in general?
- According to our information, train delays have already begun. We assume that there will be more delays in the coming days and weeks until the network and systems of the Belarusian Railways are back to normal.
- Have you already received any response from the railway or from the regime?
- The regime representatives have not contacted us yet.
- You have set some conditions for the regime, do you really expect it to work out?
- I think they need a few more days to realise the seriousness of the damage and to decide on their next steps. The longer they wait, the worse their situation will be. Our representatives are ready to receive a request from them at any time in order to unblock the network and stop the cyber attacks.
- How difficult was it from the technical point of view?
- The cyber attack on the Belarusian Railways network was much more complicated than the attack on the MIA network, because not only did they have to read the databases, they also had to write into them, and find all the backups and destroy or encrypt them. This operation was one of our most complex cyber operations.
The Cyber Partisans said they carried out the January 24 cyber attack because these days "Lukashenka's regime is letting occupation troops onto our land."
"As part of the 'Pekla' cyber campaign, we encrypted the bulk of the servers, databases and workstations of the Belarusian Railways in order to slow down and disrupt the operation of the road. The backups have been destroyed," the Cyber Partisans said via the channel.
It is reported that dozens of databases were subjected to the cyber attack. Automation and security systems were deliberately left untouched by the attack to avoid emergencies.