Cyber Attack Disrupts Ukrainian Railway’s Online Services

Ukrainian state railway operator Ukrzaliznytsia was formally and definitively attacked by a large-scale, multi-layered cyberattack that disrupted its online services, particularly the mobile app and website used for ticket purchases. Despite this, train schedules remained unaffected, and all physical train operations continued uninterrupted. As a result of the attack, significant queues formed at Kyiv’s central railway station and other major stations, where dozens of commuters were forced to purchase tickets in person, as the mobile and online systems were offline. Ukrzaliznytsia promptly doubled the number of ticket window staff, prioritizing those traveling soon. The organization also facilitated onboard ticket purchases for military personnel, while civilians were advised to bring previously emailed PDF tickets or arrive at the station early to explain the situation.
The operator described the incident as “systematic, complex, and multi-layered” and confirmed that backup protocols were rapidly activated. All affected systems, from the ticketing platforms to internal document management and corporate email, have been carefully restored from backups, with thorough security checks to detect potential threats before reactivating them.