Hackers Strike Ukraine’s State Railway Company, Block Online Ticket Sales

Hackers struck Ukraine’s State Railways Company, Ukrzaliznytsia (UZ), blocking online train ticket purchases and online cargo shipment documentation across the country. 

“We can now officially confirm that Ukrzaliznytsia’s servers and IT resources have been subjected to an unprecedented cyberattack – targeted, complex, and multi-layered,” Chairman of the Board Oleksandr Pertsovskyi wrote in his Facebook post. 

Kyiv Post wrote a request to Pertsovskyi asking about the aim and type of attack but had not received a response at the time of publishing. 

On Sunday, March 23, hackers caused a crash in UZ’s IT systems, blocking online ticket sales and cargo registration – with the systems still not functioning Monday at the time of publication.

Oleksandr Shevcheko, the deputy director of communications and passenger services, called the incident a “record-breaking cyberattack” in a Facebook post. 

However, the cyber attack didn’t manage to disrupt train traffic, UZ wrote, as passengers could still buy tickets at ticket counters, and cargo traffic was switched to paper-based documentation.

“Absolutely all trains – both those of interest to the enemy and those that are not – are running as scheduled,” Shevchenko wrote. 

Ukrzalisnytsia’s Facebook page reported that passengers wait time was “no more than 15 minutes” to purchase train tickets offline.“Train station employees are constantly monitoring the queues. Currently, they are no longer than those for morning coffee, with the wait time being about 15 minutes.”

Ukrzaliznytsia, which served 23 million passengers in 2023, has been working to restore its IT systems alongside specialists from the Cyber Department of the Security Service of Ukraine, Pertsovskyi said. 

How Ukrzaliznytsia is coping 

To handle the increase in offline ticket sales, on Monday, UZ has added staff and extended working hours at ticket counters, Pertsovskyi wrote. 

UZ, which typically only sells international tickets online, will also be selling these tickets offline.

As an emergency, passengers needing to catch a train but unable to purchase their tickets in time will be able to purchase tickets aboard their trains.

“Our train crews have been instructed on how to process tickets on board (we apologize in advance—seats in all classes may not be available, but we are committed to getting everyone to their destination!),” Pertsovskyi wrote. 

Pertsovskyi asked passengers with non-urgent needs to avoid coming to ticket counters on Monday. 

“On a typical Monday, up to 100,000 passengers buy tickets through all sales channels. Only 10,000 usually buy at ticket counters. If all 100,000 try to purchase at ticket counters today, there will be a tenfold surge and long queues,” he wrote. 

Hungarian railways workers fined Ukrainians unable to access their tickets

Despite assurance from Ukrainian staff that railways abroad would be informed about the cyberattack, Hungarian railway employees reportedly fined at least three Ukrainian passengers traveling without tickets. 

One passenger, Anna Trushyk, told Kyiv Post that she had been traveling with her child and a disabled person on a Kyiv-Vienna train transiting through Hungary. 

Trushyk wrote UZ support services in Facebook comments, saying Hungarian employees would “not believe her evidence” that she could not show her ticket due to the cyberattack.

“We paid a fine of €250 ($271) in Hungary. They weren’t interested in [the hack] at all. There were only two options: either they made us get off or we had to pay a fine. Since we were traveling with a small child and a person with a disability, we had no choice but to pay the fine,” Trushyk wrote Kyiv Post via text message.

According to Trushyk, when she told Ukrzaliznytsia about what had happened, UZ told her that: “This is a violation of the agreements with our Hungarian colleagues.”

Both Trushyk and UZ will now have to write a formal complaint to state the fine was imposed illegally, Trushyk said. 

Kyiv Post wrote a request for a comment to Hungarian railway company MÁV Group regarding the issue. 

At the time of publication, MÁV Zrt. Communications Directorate had received the email and replied that it would “immediately begin gathering the information necessary to respond.” 

Cargo train traffic working steadily thanks to paper backups

Cargo shippers will use paper documents until online services are restored, Valeriy Tkachov, Deputy Director of the Transportation Technology and Commercial Operations Department, told Rail.insider. 

Cargo companies should prepare their documents and submit them to the freight office at departure stations. When there’s no freight office, the station duty officer or their deputy can accept documents. Station officers should also have blank railway waybills available, he said.

UZ will switch back to online documentation, once systems are restored, Tkachov told Rail.insider. 

The hackers are so far unnamed

This is not the first cyberattack on UZ, Pertsovskyi wrote: “Over the years, Ukrzaliznytsia has frequently been a target of enemy [Russian] cyberattacks, prompting us to build strong protection mechanisms in advance.”  

But this time the attack is a “highly systemic, non-trivial” attack with a “multi-layered nature.”

“Despite physical attacks on infrastructure, the railway keeps moving – and even the most insidious cyberattacks won’t stop it!” Pertsovskyi wrote.