Romania’s national cybersecurity agency has confirmed that a major ransomware attack has compromised around 1,000 systems belonging to the country’s water management authority, with remediation efforts still ongoing.
The Romanian National Cyber Security Directorate (DNSC) said the attack targeted Administrația Națională Apele Române (Romanian Waters), affecting a wide range of infrastructure, including geographical information system (GIS) application servers, database servers, Windows workstations and servers, email and web servers, and domain name servers. Romanian Waters’ public website remains offline, with official updates being shared through alternative channels.
Romanian Waters oversees critical national infrastructure, including dams, waterways, drinking water supplies, and water monitoring systems.
According to the DNSC, the attack began on December 20 and spread to ten of the country’s 11 river basin management organizations. Authorities said that operational capabilities were not affected. Hydrotechnical operations continue to function normally and are being managed locally by on-site staff.
Investigators have found that the attackers used the built-in Windows BitLocker security feature to lock files on compromised systems, then left a ransom note demanding that they be contacted within 7 days.
The agency reiterated its policy of advising victims not to contact or negotiate with attackers and urged the public to avoid contacting Romanian Waters’ IT teams while restoration efforts continue.
The incident follows similar attacks and warnings in countries including Canada, the UK, and the United States.