Romanian water authority hit by ransomware attack over weekend

Published:

22 december 2025 om 15:25:50

Alert date:

22 december 2025 om 16:02:17

Source:

bleepingcomputer.com

Ransomware & Malware, Critical Infrastructure

Romanian Waters (Administrația Națională Apele Române), Romania's national water management authority, was hit by a ransomware attack over the weekend. The attack targeted critical water infrastructure, potentially affecting water management operations across the country. This represents a significant attack on critical infrastructure that could impact public services and water supply systems. The timing over the weekend suggests attackers may have chosen a period when IT staff might be less available to respond quickly.

Technical details

Attackers used Windows BitLocker security feature to encrypt files on compromised systems. The attack impacted approximately 1,000 computer systems at Romanian Waters and 10 of its 11 regional offices. Affected systems included servers running geographic information systems, databases, email, web services, Windows workstations, and domain name servers. Operational technology (OT) systems controlling water infrastructure were not affected. Ransom note demanded contact within 7 days.

Mitigation steps:

Integrate critical infrastructure into protective systems operated by National Cyberint Center. Use voice communications through dispatch centers for hydrotechnical asset operations. Maintain local operation by service personnel coordinated by dispatch centers. Implement telephone and radio communications for dispatching and operations.

Affected products:

Windows BitLocker
Windows workstations
Domain name servers
Geographic information systems
Email services
Web services
Database systems

Related CVE's:

Related threat actors:

Z-Pentest

Sector16

NoName

CARR (Cyber Army of Russia Reborn)

Lynx ransomware gang

Backmydata ransomware

IOC's:

This article was created with the assistance of AI technology by Perceptive.