Romania’s National Water Authority Faces Severe Ransomware Attack
Romania’s national water authority, Romanian Waters (Administrația Națională Apele Române), is in the midst of recovery following a significant ransomware attack that commenced on December 20, 2025. The assault has severely compromised the agency’s operations, impacting around 1,000 computer systems, from workstations to email services and web servers.
As reported by the National Cyber Security Directorate (DNSC), the attack extended from the central office to 10 of the 11 regional river management branches, including sites in Oradea, Cluj, Iași, Siret, and Buzău. The disruption led to the failure of critical digital tools, notably database and domain name servers, geospatial information systems (GIS), and essential online communication platforms.
Despite the ongoing technical challenges, crucial physical infrastructure such as dams and flood defenses remains operational. Personnel on-site are manually managing systems through radios and telephones while the official website continues to be offline. In light of the attack, authorities have shifted their information-sharing strategies to social media platforms.
Initial investigations suggest the attackers may have utilized BitLocker, a legitimate Windows security tool, to encrypt the agency’s data, thereby complicating detection efforts by cybersecurity measures. The precise method of initial network compromise remains undetermined. The DNSC confirmed that the attackers issued a digital ransom note demanding negotiations within a week. However, the agency has declined to engage, adhering to an official policy against negotiating with cybercriminals.
As the agency navigates this crisis, it is noteworthy that the Romanian Waters network was not yet integrated into the central cyber-protection framework managed by the National Cyberint Center (CNC). In response to the incident, efforts are underway to include the agency in the national security infrastructure through modern technological advancements.
Specialized technical teams from the Romanian Intelligence Service (SRI) and other state authorities are actively working to mitigate the attack’s impact. Recent communications from the DNSC confirm continued efforts in system restoration, urging the public to refrain from overwhelming IT staff during this recovery process.
This attack underscores a growing concern regarding operational technology (OT) vulnerabilities within critical water infrastructure, which is increasingly targeted by cyber adversaries. Recent similar incidents, including one in Norway where hackers manipulated a dam’s control systems, illustrate the severe risks posed by inadequate cybersecurity measures within water utilities and related sectors.
The U.S. has also seen increased federal warnings regarding ransomware targeting water facility systems, emphasizing vulnerabilities that could jeopardize our access to clean water and effective flood defenses. This ongoing trend serves as a crucial reminder of the importance of robust cybersecurity measures, as threats to digital infrastructure directly impact essential physical systems.
