Ransomware Attack Compromises 1,000 Systems in Romania’s Water Authority

Published:

spot_img

Ransomware Attack Hits Romania’s Water Authority

Romania’s National Directorate for Cyber Security reported a significant ransomware attack on Saturday, targeting approximately 1,000 IT systems within the nation’s water authority, known as Administrația Națională Apele Române. This cyber incident notably impacted 10 out of the 11 regional water basin administrations, affecting areas including Oradea, Cluj, Iași, Siret, and Buzău.

Exploitation of BitLocker Encryption

Investigators revealed that the attackers took advantage of BitLocker, a legitimate Windows encryption feature, to lock files throughout the compromised infrastructure. This evolution in ransomware tactics allowed the criminals to utilize an established encryption tool to execute their malicious activities. The attackers left a ransom note demanding contact within seven days, making their expectations clear regarding the recovery of the locked data.

Scope of the Attack

The ransomware incident affected several critical systems, including Geographical Information System (GIS) application servers, database servers, various Windows workstations, email services, web servers, and Domain Name Servers. Despite the scale of the IT disruption, the operational technologies remained intact, ensuring that daily operations continued without major interruptions.

Hydrotechnical Operations Remain Functional

The Romanian water authority assured the public that the operation of hydrotechnical structures is still functioning smoothly, primarily through dispatch centers communicating via voice channels. The personnel trained for these tasks are managing hydrotechnical constructions locally. Despite the IT systems being compromised, processes such as dam control, flood management, and water distribution continue to operate normally under manual oversight, thanks to protocols established for emergencies.

Ransom Demand and Cyber Security Response

After the attack, a ransom note was transmitted, demanding communication to discuss the recovery of compromised files. In light of this, the National Directorate for Cyber Security emphasized its strict stance against negotiating with cybercriminals, urging victims to refrain from making contact. This approach is aimed at discouraging an ecosystem that thrives on such criminal activity.

Inquiries from media sources about the specific data affected, as well as details on who might be responsible for the attack, were directed back to the IT teams at the National Administration of Romanian Waters and the regional water administrations. Authorities have recommended maintaining distance from external inquiries to better focus on restoring their IT services.

Lack of Cyber Defense Protection

A critical finding from the investigation revealed that the infrastructure of the Romanian water authority was not included in the national cyber defense system, which protects significant IT infrastructures against cyber threats. Steps are now being taken to integrate these systems into the national framework developed by the National Cyber Intelligence Center. This integration aims to enhance cyber protection measures for both public and private infrastructures deemed crucial for national security.

Technical teams from various entities, including the Directorate, the National Administration of Romanian Waters, and the National Cyber Intelligence Center, are actively engaged in investigating the attack and mitigating its effects. This collaboration is essential for restoring functionality and implementing stronger security measures moving forward.


This situation continues to develop, and updates will be provided as new information becomes available.

spot_img

Related articles

Recent articles

AI Enhances Attack Speed and Efficiency, But Defenders Can Leverage Existing Knowledge to Mitigate Risks

The Unit 42 2026 Global Incident Response Report from Palo Alto Networks highlights how threat actors are leveraging AI to enhance the speed and...

Lapses in Identity Lead to 79% of Ransomware Attacks, Sophos Report Reveals

According to a recent report by Sophos, lapses in identity are responsible for 79% of ransomware attacks, highlighting a critical area of concern for...

NSU Launches Cybersecurity Center to Enhance Research and Workforce Development in Bangladesh

North South University (NSU) has inaugurated its Cybersecurity Center to advance research, develop skilled professionals, and strengthen Bangladesh's resilience against emerging cyber threats. This...

Siemens ROX II Switches Vulnerable: Update to Firmware V2.17.1 to Mitigate CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949 Exploits

Siemens has issued an advisory regarding three critical zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) affecting its ROX II operational technology (OT) switches. These vulnerabilities...