Ransomware Attack Compromises 1,000 Systems in Romania’s Water Authority


Ransomware Attack Hits Romania’s Water Authority

Romania’s National Directorate for Cyber Security reported a significant ransomware attack on Saturday, targeting approximately 1,000 IT systems within the nation’s water authority, known as Administrația Națională Apele Române. This cyber incident notably impacted 10 out of the 11 regional water basin administrations, affecting areas including Oradea, Cluj, Iași, Siret, and Buzău.

Exploitation of BitLocker Encryption

Investigators revealed that the attackers took advantage of BitLocker, a legitimate Windows encryption feature, to lock files throughout the compromised infrastructure. This shift in ransomware tactics let the criminals carry out the encryption with an established tool. The attackers left a ransom note demanding contact within seven days to discuss recovery of the locked data.

Scope of the Attack

The ransomware incident affected several critical systems, including Geographical Information System (GIS) application servers, database servers, various Windows workstations, email services, web servers, and Domain Name Servers. Despite the scale of the IT disruption, the operational technology (OT) systems remained intact, so daily operations continued without major interruptions.

Hydrotechnical Operations Remain Functional

The Romanian water authority assured the public that hydrotechnical structures are still operating smoothly, coordinated primarily through dispatch centers communicating via voice channels. Personnel trained for these tasks are managing hydrotechnical constructions locally. Although the IT systems are compromised, processes such as dam control, flood management, and water distribution continue to operate normally under manual oversight, thanks to protocols established for emergencies.

Ransom Demand and Cyber Security Response

After the attack, a ransom note was transmitted, demanding communication to discuss the recovery of compromised files. In light of this, the National Directorate for Cyber Security emphasized its strict stance against negotiating with cybercriminals, urging victims to refrain from making contact. This approach is aimed at discouraging an ecosystem that thrives on such criminal activity.

Inquiries from media sources about the specific data affected, as well as details on who might be responsible for the attack, were directed back to the IT teams at the National Administration of Romanian Waters and the regional water administrations. Authorities have recommended maintaining distance from external inquiries to better focus on restoring their IT services.

Lack of Cyber Defense Protection

A critical finding from the investigation revealed that the infrastructure of the Romanian water authority was not included in the national cyber defense system, which protects significant IT infrastructures against cyber threats. Steps are now being taken to integrate these systems into the national framework developed by the National Cyber Intelligence Center. This integration aims to enhance cyber protection measures for both public and private infrastructures deemed crucial for national security.

Technical teams from various entities, including the Directorate, the National Administration of Romanian Waters, and the National Cyber Intelligence Center, are actively engaged in investigating the attack and mitigating its effects. This collaboration is essential for restoring functionality and implementing stronger security measures moving forward.


This situation continues to develop, and updates will be provided as new information becomes available.
