The hackers are openly against the current political leadership in Belarus and do not want the country to support any Russian attack on Ukraine. This is possibly one of the first instances where ransomware is used in such a manner.
Hacktivists Carry Out Ransomware Attack on Belarusian Railways
The Belarusian Cyber Partisans (BCP) are a group of 20-30 people who are members of Belarus’ IT community. The group came together in August 2020 during protests against Lukashenko’s re-election for a sixth term. Both the opposition and the West believe the election was rigged.

The group has encrypted some of the Belarusian Railways’ servers, databases, and workstations. It has branded the country’s President, Alexander Lukashenko, a terrorist, and will only provide the decryption keys after he agrees to its demands. Listed below are BCP’s demands:

BCP also clarified that it did not mean to affect regular passengers. The group is working to fix the disruption to online ticket sales. It also decided not to target Belarusian Railways’ automation and security systems.

The group also claims it has hacked the Belarusian Interior Ministry’s passport database, as well as a police database. BCP has publicly shared the names of government officials who are harassing peaceful protesters.

The group has previously said that it is not collaborating with any foreign governments. However, they added, “We are not against it, as long as it aligns with our depicted goals, to change the regime.”
Hacktivists Aim to Disrupt Russian Troop Movement in Belarus
President Lukashenko has close ties to Russia. In fact, Belarus hosts Russian troops for massive military exercises and currently has over 100,000 personnel at the Belarus-Ukraine border. BCP is against Belarus’ support for Russia in its ongoing stand-off against Ukraine. The group hopes that its cyber-attack will impact the movement of Russian forces.

Yuliana Shemetovets, a spokeswoman for the Cyber Partisans, stated that the attack mostly affects freight trains. “We hope it will indirectly affect Russian troops as well but we can’t know for sure. … At this point, it’s too early to say,” Shemetovets added.

She also pointed out that the Cyber Partisans broke into Belarusian Railways’ network back in December. At the time, the group gained access to the railway’s signaling and controlling system. However, for safety reasons, it decided not to take any action. BCP also plans to target China-bound cargo in an attempt to cause political damage to the Lukashenko regime.