Ransomware Attacks Romanian Water Agency, Affects 1,000 Systems
Category : Other News | Sub Category : Other News Posted on 2025-12-23 08:49:14
A Romanian cybersecurity team has confirmed that a ransomware attack has compromised as many as 1,000 computers belonging to Administrația Națională Apele Române. Recovery efforts have so far made little progress, leaving the agency struggling to restore the many systems that were encrypted. The attack struck on December 20, 2025, spreading rapidly across the network. Geographic information system servers, email and web servers, Windows workstations, DNS servers, and even database servers were hit. The agency’s website went offline immediately, forcing officials to use alternative channels for public updates. Administrația Națională Apele Române oversees Romania’s national freshwater system, including rivers, lakes, reservoirs, aqueducts, and flow‑monitoring stations. The attack didn’t stop at the central office—it spread to ten of the country’s eleven river basin management authorities. The Romanian National Cyber Security Directorate (DNSC) is leading the investigation and has examined up to 1,000 affected systems. Despite the scale of the incident, Romanian Waters’ operational functions remain intact. The DNSC confirmed that hydrotechnical operations continue normally, maintained by on‑site staff who kept essential systems running. Authorities have officially classified the incident as a ransomware attack, though the group behind it has not yet been identified. What is known is alarming: files were encrypted, and ransom notes were left behind with a strict seven‑day deadline for Romanian Waters to begin negotiations. This deadline‑driven approach mirrors tactics used by other ransomware groups, many of which now combine encryption with threats to leak stolen data—an increasingly common pattern seen in recent attacks on financial institutions. The DNSC reported that the attackers used Windows BitLocker to encrypt the systems. This unusual choice suggests the involvement of a lesser‑known ransomware group relying on a standard payload. Such groups often operate within the broader cybercriminal ecosystem, using hidden online platforms to coordinate and exchange tools—an approach that caught defenders off guard. The DNSC reiterated its uncompromising stance on ransomware demands, issuing a clear warning: “We repeat that the strict recommendation and policy of the DNSC towards all affected by the attacks is not to reach out nor negotiate with bad actors, to avoid funding or cheering the cybercrime incidents.” The agency also urged the public not to contact IT teams at Romanian Waters or the river basin administrations, emphasizing that these teams must remain fully focused on restoring compromised systems. Further details will be shared as the investigation progresses. The inquiry also revealed that Romanian Waters’ network was not protected under Romania’s national critical infrastructure defense system—similar to the UK NCSC’s Early Warning service. This system monitors critical infrastructure traffic for anomalies and helps stop attacks before they escalate. The DNSC confirmed that this gap is already being addressed, with integration efforts underway: “The necessary steps have started to integrate this infrastructure into the systems developed by CNC to ensure cyber protection for both public and private IT&C infrastructures of key significance to nation-wide security, thanks to intelligent technologies.” The attack on Romanian Waters adds to a growing list of incidents targeting water management authorities across Western nations. Because these systems provide safe drinking water to millions, they represent high‑value national security targets. Just two months earlier, hacktivists breached Canadian systems controlling water, energy, and agriculture—gaining access to tools that could have caused severe damage. The UK and US have also issued warnings after observing similar attacks on their own water authorities. Romania’s experience underscores a stark reality: even essential infrastructure remains vulnerable when basic protections are missing. Strengthening cybersecurity for water systems is no longer optional—it’s urgent.Critical Infrastructure Under Pressure
Romania’s Firm Position on Ransom Payments
A Rising Global Threat to Water Systems
Search
Categories
Recent
-
Vendor Chinodrug Sentenced to 15 Years in Prison for Conspiring to Sell Oxycodone on the Darknet -
Dutch Prosecutors Demand a 3 year sentence against English Man for his role in Bohemia Market -
Europol arrests 193 people in Crackdown on Violence As A Service (VAAS) networks -
How to translate over tor without Javascript: SimplyTranslate -
Crime Pays: Global Ledger reports Five Russian Markets cleared nearly $2 Billion in 2025 -
Top Korea Market seized -
Trainee Real estate agent sentenced for his role in supplying meth -
British police arrest two over ransomware attack on nursery chain Kido International