Ransomware Attack on Romanian Waters Authority \u2013 1,000+ IT Systems Compromised
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Romania\u2019s National Administration \u201cApele Rom\u00e2ne\u201d (Romanian Waters) disclosed a severe ransomware attack<\/a> on December 20, 2025.<\/p>\n That compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional water basin administrations.<\/p>\n The incident affected critical infrastructure responsible for managing the country\u2019s water resources and hydrotechnical operations. However, operational technologies remained secure throughout the breach<\/a>.<\/p>\n The cyberattack impacted multiple system categories, including Geographical Information System (GIS) application servers, database servers, Windows workstations and servers, email and web servers, and Domain Name Servers (DNS<\/a>).<\/p>\n Investigators discovered that attackers exploited BitLocker, a legitimate Windows encryption<\/a> mechanism, to lock files on compromised systems.<\/p>\n The affected water basin administrations include facilities in Oradea, Cluj, Iasi, Siret, and Buz\u0103u. Attackers delivered a ransom note demanding contact within seven days.<\/p>\n The National Directorate of Cyber Security (DNSC) maintains its strict policy against contacting. Negotiating with cybercriminals discourages victims from financing criminal operations.<\/p>\n Technical teams from DNSC, the National Cyberint Center (CNC) within the Romanian Intelligence Service<\/a>, and other cybersecurity authorities are actively investigating the incident and working to restore affected systems.<\/p>\n Despite the widespread system compromise, operational technologies<\/a> (OT) controlling hydrotechnical structures remained unaffected. Allowing critical infrastructure operations to continue within normal parameters.<\/p>\n Dispatchers coordinate operations using telephone and radio communications, while serving personnel operate hydrotechnical constructions locally. Forecasting and flood defense activities experienced no disruption.<\/p>\n The investigation revealed<\/a> that Romania\u2019s national system did not previously protect Romania\u2019s water infrastructure. For safeguarding critical IT infrastructures against cyber threats, operated by CNC.<\/p>\n Authorities have initiated steps to integrate this infrastructure into the national cyber protection<\/a> system designed for both public and private critical IT infrastructures.<\/p>\n The incident highlights ongoing vulnerabilities in water utility infrastructure, which increasingly attracts ransomware operators targeting essential public services.<\/p>\n As investigations continue, authorities emphasize that restoring IT services remains the priority while maintaining the operational safety of Romania\u2019s water management systems.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Ransomware Attack on Romanian Waters Authority \u2013 1,000+ IT Systems Compromised<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nOperational Impact<\/strong><\/h2>\n