Reading Time: 2 minutes

Belarusian activists have launched a ransomware attack on the Belarusian railway system in protest of the movement of Russian troops through the country. The cyber-activists threaten to paralyze the railway system in the country, disrupting trains moving Russian military troops through Belarus for a potential attack on Ukraine.

The Belarusian Cyber-Partisans took to Twitter on Monday, saying they have hijacked the railway systems after President Lukashenko allowed Russian troops to move through the country. The group has listed a few demands in exchange for the encryption keys.

The group Tweeted:

“At the command of terrorist Lukashenko, #Belarusian Railway allows the occupying troops to enter our land. We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation and security systems were NOT affected to avoid emergency situations.”

The group demands that they will return the encryption keys if the government releases 50 political prisoners who need medical assistance. Another condition is to stop the presence of Russian troops in the country.

The activists said that they have not taken any drastic steps to paralyze the entire railway system, but they “might do that in the future if we’re confident innocent people won’t get injured as a result.”

Belarusian Defence Ministry said on Monday that Russian troops are coming to the country for joint military exercises. They also said that Russia is also sending Su-35 fighters with S-400 battalions and an air defence system as part of the exercise. However, according to US officials, it is all part of a possible Russian invasion of Ukraine.

The spokesperson of the activist group, Yuliana Shemetovets, said that their goal was to disrupt the Russian troop’s movement through Belarus and the potential attack on Ukraine.

“We don’t want Russian soldiers in Belarus since it compromises the sovereignty of the country and puts it in danger of occupation. It also pulls Belarus into a war with Ukraine. And probably Belarusian soldiers would have to participate in it and die for this meaningless war,” says Shemetovets.

Shemetovets said that they have destroyed all backups and have attacked several databases, including ASSledd, SAP,, IRC, and more. Security systems were not attacked in order to avoid emergency situations. Their main goal was to target the freight trains carrying Russian military equipment, but passenger ticketing systems and the schedule was also affected. However, the Railway website was back online by Monday.

The Cyber-Partisans said that “as long as Lukashenko’s dictatorship regime stays, CPs will continue their work.” Since the protests against the Belarusian president in 2020, activists have leaked documents online regarding widespread corruption.

According to MIT, the Cyber-Partisans are 25 anonymous former IT workers from Belarus who have managed to pull impressive attacks against the government in the past few years. They have also obtained access to confidential information such as passport databases, secret files of Belarusian KGB spies, police databases, and CCTV networks.

“Since it became very dangerous for people to openly protest against the regime, we now became the only froce capable of operating in Belarus. We show real results of our work both by hacking and attacking government insitutions and conducting phyiscal impact operations” – said a member of the group identified by the letter Ж (Zh).

To confirm that they have access to the recent database, Zh sent a Guardian correspondent his travel records in and out of Belarus, dating back to 2016. The data would help them identify Russian spies crossing Belarus along with travel details of Lukashenko and his close circle.

Zh also said, “we know now more about his assets, his lovers, and secret criminal schemes.” The government is shaken regarding these attacks as Lukashenko told his ministries, “If you cannot…protect information on your computers, then go back to using paper…write by hand and put it on your desk.”

Zh further wrote that “we are concerned for our safety, and to be honest our lives. The Belarusian government tries to infiltrate us but has not succeeded as of yet.”

The government has not released an official statement regarding the situation, but Belarusian Railways has acknowledged the issue saying its services are temporarily unavailable.

Ransomware experts have never seen ransomware used in such as way. Brett Callow, Emsisoft threat analyst said, “ransomware is an effective tool in terms of helping activists achieve their goals”. It has been made easier with ready-made ransomware being available online.

Allan Liska od Recorded Future said that “Ransomware has evolved from encrypting single machines to whole networks, and the types of extortion demanded has continued to evolve.”

Considering the current tension between Russia and Ukraine, the Department of Homeland Security has also warned American local governments regarding potential cyberattacks from Russian proxies if the US and NATO interfere in the possible attack on Ukraine.