Photo: Depositphotos
KYIV, 24 March 2025. A large-scale cyberattack has completely shut down Ukrzaliznytsia’s online ticketing services, causing long queues at railway stations. Ukrainian officials described the incident as a planned attempt to “destabilise” the situation in the country and suggested a Russian connection. More than a day later, experts are still trying to restore the system, although train traffic has remained uninterrupted and is being carried out according to backup schemes, Reuters reports.
Passengers in queues due to system failure
Passengers stand in line at a ticket office at a railway station: due to a cyber attack, tickets can now only be purchased offline. Online train ticket sales have been unavailable since Sunday evening, when Ukrzaliznytsia reported a large-scale IT system failure. Passengers were advised to buy tickets exclusively at railway ticket offices or directly on trains. On Monday morning, long queues of people lined up at Kyiv Central Station waiting to buy tickets offline. The ticket offices were selling tickets only for the nearest dates, no further than Tuesday, which made it difficult for many passengers to plan their trips. According to eyewitnesses, a similar situation was observed at other major railway stations across the country, with people arriving in large numbers in advance to buy tickets at the ticket offices.
Ukrzaliznytsia: an unusual and multi-stage attack
The state railway company confirmed that the failure was caused by a targeted hacker attack. In an official statement, Ukrzaliznytsia said that the latest cyberattack was “very systematic, unusual and multi-stage”. According to the company, the attackers carried out a complex, multi-level impact on the carrier’s IT infrastructure. Before fully restoring the systems from backups, the railway’s IT specialists, together with specialists from the SBU Cyber Department, thoroughly check the services for possible vulnerabilities to ensure that the threats are eliminated and the attack does not recur. “Ukrzaliznytsia notes that it has been the target of enemy hacker attacks many times before, so the company has implemented backup protocols in advance to deal with such incidents. As a result, critical traffic control systems were transferred to backup servers, and train traffic did not stop for a single minute, despite the paralysis of online services.
Suspicion of a Russian trace
So far, no one has officially claimed responsibility for the cyberattack. At the same time, Ukrzaliznytsia directly blames the “enemy” – a way Ukrainian officials often use to describe Russia’s actions in a veiled way in wartime. Authorities say that the nature and goals of the hacker attack point to the possible involvement of Russian cyber groups. In particular, a source in the Ukrainian intelligence service and a senior government official (on condition of anonymity) told the media that the attack was most likely carried out by Russian hackers. According to the sources, the large-scale hack was intended to put psychological pressure on Ukrainians and destabilise the socio-political situation in the country. “It was an attack by a hacker group. We believe they are Russians. The damage is severe, but not critical,” one government official was quoted as saying, adding that the aim was to sow destabilisation. Official Moscow has not yet commented on the incident. The State Service for Special Communications and the Security Service of Ukraine (SBU) emphasise that since the beginning of the full-scale war, Russia has repeatedly attacked Ukrainian public and private online services in an attempt to sow chaos in the rear.
Railways are a critical network in times of war
The Ukrainian railway is a vital transport artery, especially in times of war. Since the Russian invasion of Ukraine in February 2022, when the skies over the country were closed, trains have effectively become the main mode of transport for passengers and goods both domestically and internationally. Ukrzaliznytsia ensures the mobility of millions of people in a country twice the size of Italy and is a key channel for the delivery of military equipment, humanitarian aid and food. The railway infrastructure has been repeatedly targeted by Russian missile strikes during the war, but the railway workers managed to quickly repair damage to tracks and bridges. By the end of 2024, the railway carried about 20 million passengers and 148 million tonnes of cargo, Deputy Prime Minister Oleksiy Kuleba said late last year. According to him, these are record figures, exceeding even the pre-war level of passenger traffic. Oleksandr Pertsovskyi, Chairman of the Board of JSC Ukrzaliznytsia, also noted that for the second year in a row the company has managed to carry more than 20 million passengers on its own, despite all the challenges of wartime. Such a large-scale operation of the railway was made possible by the dedication of its employees, who are known in Ukraine as the “iron heroes” of the home front.
Trains continue to run without delays
A passenger looks out of a train stopped on the platform of Kyiv Central Station on 24 March 2025. Despite the attack, train traffic remained stable, with all trains running, albeit in offline ticketing mode. “Operational traffic did not stop for a moment. The enemy attack was aimed at stopping trains, but we quickly switched to backup systems,” assured Oleksandr Pertsovsky, Chairman of the Board of Ukrzaliznytsia. According to him, the company has adequately dealt with the consequences of the cyber attack: “No trains were cancelled and the timetable was maintained without significant disruptions. Experts continue to work on restoring online ticketing services and plan to return them to normal in the near future. Officials urge citizens to remain calm: the railway continues to operate in full, and the enemy’s attempts to sow panic and chaos will not succeed.
