Romania’s National Cyber Security Directorate (DNSC) has confirmed a major ransomware attack on the country’s water management agency, compromising around 1,000 systems. Remediation efforts are ongoing.
Administrația Națională Apele Române (Romanian Waters) reported that its servers, workstations, email, web servers, and domain name servers have all been affected. The agency’s website is offline, with official updates shared via alternative sources.
Romanian Waters, which manages the country’s water infrastructure, said the attack, which began on December 20, also spread to ten of Romania’s eleven river basin management organizations. However, operational capabilities have not been impacted, and hydrotechnical operations are continuing as normal.
The attackers encrypted files and left ransom notes demanding negotiations within seven days. While the attack is being classified as ransomware, the DNSC noted that the use of Windows’ BitLocker tool suggests it may not be the work of a known ransomware group.
Administrația Națională Apele Române (Romanian Waters) reported that its servers, workstations, email, web servers, and domain name servers have all been affected
“We reiterate that DNSC’s strict policy and recommendation towards all victims of ransomware attacks is to neither contact nor negotiate with cyberattackers, to avoid encouraging or financing the cybercrime phenomenon,” the agency stated.
Romanian Waters’ network was not covered by Romania’s critical national infrastructure (CNI) protection system, though steps are underway to integrate it into this system for future protection.
“The necessary steps have started to integrate this infrastructure into the systems developed by CNC to ensure cyber protection for both public and private IT&C infrastructures of critical importance to national security,” the DNSC added.
This attack follows similar incidents targeting water authorities in other countries, including Canada, the UK, and the US, highlighting ongoing concerns about cyber threats to critical water infrastructure.
