Why Belarus Railway Attack Marks A First For Ransomware

For years, idealistic hacktivists have disrupted corporate and government IT systems in acts of protest. Cybercriminals, meanwhile, have increasingly held the same kinds of enterprise networks hostage with ransomware, encrypting their data and extorting them for profit. Now, in the geopolitically charged case of an attack on Belarus' rail system, those two strands of coercive hacking appear to be merging.

On Monday, a group of politically motivated Belarusian hackers known as the Belarusian Cyber Partisans announced on Twitter and Telegram that they had compromised the computer systems of Belarusian Railways, the country's national train system, as part of a hacktivist effort that the attackers called Scorching Heat. The hackers have since posted a screenshot that appears to show their access to the railway's backend systems, and they claim to have encrypted its network with malware, for which they will provide the decryption key only if the Belarusian government meets a list of demands. They have called for the release of 50 political prisoners held amid the country's protests against dictator Alexander Lukashenko, as well as a pledge from Belarusian Railways not to transport Russian troops as the Kremlin prepares for a possible invasion of Ukraine on multiple fronts.

According to Franak Viačorka, technical adviser to Belarusian opposition leader Sviatlana Tsikhanouskaya, the hackers appeared to have succeeded in making at least some Belarusian Railways databases inaccessible on Monday. Viačorka said he confirmed the loss of the database with Belarusian Railways employees. The railway's online ticketing system was also taken down on Monday; on Tuesday, it showed a message that “work is in progress to restore system performance” but remained offline.

“By order of the terrorist Lukashenka, the #Belarusian Railway allowed the occupiers to enter our land. We encrypted some of BR’s servers, databases, and workstations to disrupt its operations,” the Cyber Partisans hackers wrote on Twitter on Monday, noting that they had been careful not to compromise “security and automation systems,” which could cause dangerous conditions on the railway.

Cybersecurity researchers have yet to independently confirm what type of ransomware was used to encrypt the systems of Belarusian Railways. But Cyber Partisans spokeswoman Yuliana Shemetovets wrote to WIRED that while the hackers have permanently deleted some backup systems, others are only encrypted and can be decrypted if the hackers provide the key. Shemetovets added that the ransomware used by the hackers was “specifically created but based on common practice in the field.”

Brett Callow, a ransomware-focused researcher at security firm Emsisoft, said that using reversible encryption instead of just wiping targeted machines would represent a new step in hacktivist tactics. “This is the first time I can recall NGOs that deployed ransomware for political purposes,” Callow said. “I find this absolutely fascinating, and I’m surprised it hasn’t happened in a long time. It’s much more effective than waving signs outside the puppy testing lab.”

Ransomware, along with destructive malware that poses as ransomware, has certainly been used for political coercion in the past. North Korean hackers, for example, planted destructive malware on machines on the Sony Pictures network in 2014. Pretending to be attackers called Peacekeepers, they appear to have sent an email asking for payment before the attack happened, then pressured the company not to release the Kim Jong-un assassination comedy The Interview. In 2016 and 2017, the Russian hackers known as Sandworm, a division of the country's military intelligence agency, the GRU, used malware masquerading as ransomware as a means to destroy computers across Ukraine, and ultimately hundreds of other networks around the world, while posing as profit-seeking cybercriminals. (Unknown hackers seem to have targeted systems in Ukraine with the same trick, on a much smaller scale, earlier this month.)
