RIA on Elron cyberattack: It is likely that it will happen again

Computer keyboard.
Computer keyboard. Source: Priit Mürk/ERR

The cyberattack that began on Wednesday had a major impact on Elron ticket sales. The company has never experienced a system outage of this scale before, and the RIA believes it will not be the last.

On Wednesday at noon, Elron Train customer service representatives realized something was wrong. Payments were not processed, and access to the ticketing system was disabled. It became clear that Elron's ticketing system, managed by the company Ridango, had come under cyberattack.

"Yesterday morning, Ridango's systems were subjected to a Distributed Denial of Service (DDoS) attack, during which attempts were made to obstruct our applications and overload the servers in order to render external services inaccessible. /.../ So it was challenging to sell tickets online, and it was also difficult to sell tickets on Elron trains," Erki Lipre, Ridango manager, said.

The pilet.ee online environment was also disrupted, as tickets for multiple bus routes were unavailable and service stations did not sell tickets. By Thursday noon, the situation had returned to normal.

Tõnu Tammer, head of incident response (CERT-EE) department at the Estonian Information System Authority (RIA), said that in addition to transport companies, local authorities were also targeted.

"The initial target list was in the order of 15-20 different targets, but only a few had an effect. Indeed, the failure of Elron's ticketing environment was the most apparent, but there were also minor failures in other areas.

According to the RIA, a pro-Russia hacker group was behind the attack.

Such attacks have happened before and cyber criminals have been particularly active in recent weeks.

"There was an attack some time ago; it was smaller, and Ridango got it under control in a couple of hours. This one was actually going on for two days; it hasn't been like this before," Ardo Roosenberg, Elron's customer service manager, said.

It remains to be seen whether or how much Ridango will have to pay in damages.

"As a result of the fact that a large number of people in Estonia rely on public transportation, a substantial number of people have been affected. It had an effect on passengers, on our consumers, on public transportation hubs, and on Elron," Lipre said.

According to the RIA, cyber attack targets are frequently attacked repeatedly, so this may not be the last  one.

"As it is highly likely that a similar assault will occur within the next month, couple of months, or quarter, it is prudent to draw conclusions and consider next actions after an assault has occurred," Tammer said.


Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Kristina Kersa

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: