The cyberattack that disabled Ukrainian Railways' (Ukrzaliznytsia) ticketing system was a terrorist act that employed "tactics, techniques, and procedures typical for Russian intelligence services," top cybersecurity official Yevheniia Nakonechna said on April 1.
The company's website and app became unavailable on March 23 over what was initially described as a "technical failure." The next day, Ukrainian Railways said it had been targeted by a "large-scale and sophisticated cyberattack" carried out by "the enemy."
On the morning of March 27, the company said that its website and app were restored after "89 hours of non-stop work" and that it had sold more than 12,000 tickets since the restoration of online services.
"The failure of the ticketing system impacted the provision of public services. The enemy is well aware that such cyberattacks are extremely painful and critical. Therefore, in essence, it was a terrorist act," said Nakonechna, head of the State Center for Cyber Defense of the State Service for Special Communications and Information Protection.
Perpetrators used malware developed considering the specifics of Ukrainian Railways' infrastructure. According to Nakonechna, preparing for such a cyberattack requires significant resources.
Ukrainian Railways has restored 90% of its online passenger services as of April 1. Work is underway to restore services for shippers, with the estimated date of completion in early April.
The restoration of online services involved a thorough check of backup files for hidden threats and the implementation of additional cybersecurity measures. IT specialists from government agencies and businesses are assisting Ukrainian Railways, the top cybersecurity official added.
