Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website.
The incident forced people to booths to buy physical tickets, causing overcrowding, delays, long waiting times, and frustration.
With trains being the only reliable and relatively safe means for people to travel within Ukraine and internationally, the cyberattack is having a significant impact, Daryna Antoniuk reports.
.png)
The disruption started yesterday, as Ukrzaliznytsia confirmed in an official statement on multiple communication channels, apologizing for the inconvenience.
The organization has increased staff at the points of sale to accommodate the sudden increase in servicing needs, but queues remain long.
Members of the military were given the possibility to purchase tickets on board by the train conductor so the situation wouldn’t impact their movement.
Also, civilians who purchased their tickets online prior to the cyberattack, but are now unable to download them, are advised to use the PDF copy sent to their email or show up at the train station 20 minutes before departure and explain their situation to the officials.
Those traveling tomorrow are requested not to crowd ticket offices today, as the staff is working hard to accommodate passengers traveling today.
Despite difficulties with the online ticket-selling platform, Ukrzaliznytsia noted in its announcement that traveling operations weren’t impacted by the cyberattack.
The organization underlined how multiple cyberattacks suffered over the past few years have reinforced its response protocols and resilience.
“The key objective of the enemy failed: train traffic remains stable, running on schedule without delays, and all operational processes have been switched to backup mode,” reads the latest update from Ukrzaliznytsia.
“The railway continues to operate despite physical attacks on infrastructure, and even the most devious cyberattacks cannot stop it.
“As Ukrzaliznytsia has previously been a target of enemy cyberattacks, backup protocols have been implemented within the company.”
The organization called the attack “highly systematic and multi-layered,” and assured that it’s working with experts from the SBU Cyber Department and the Government Computer Emergency Response Team (CERT-UA) to close any security gaps and bring impacted systems back online. However, no specific timelines for recovery were provided at this time.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
