Ransomware Attack on Romanian Waters Authority


Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025, that compromised approximately 1,000 IT systems across the agency and 10 of its 11 regional water basin administrations.

The incident affected critical infrastructure responsible for managing the country’s water resources and hydrotechnical operations. However, operational technologies remained secure throughout the breach.

The cyberattack impacted multiple system categories, including Geographical Information System (GIS) application servers, database servers, Windows workstations and servers, email and web servers, and Domain Name Servers (DNS).

Investigators discovered that attackers exploited BitLocker, a legitimate Windows encryption mechanism, to lock files on compromised systems.

Operational Impact

The affected water basin administrations include facilities in Oradea, Cluj, Iasi, Siret, and Buzău. Attackers delivered a ransom note demanding contact within seven days.


The National Directorate of Cyber Security (DNSC) maintains its strict policy against contacting or negotiating with cybercriminals and discourages victims from financing criminal operations.

Technical teams from DNSC, the National Cyberint Center (CNC) within the Romanian Intelligence Service, and other cybersecurity authorities are actively investigating the incident and working to restore affected systems.

Despite the widespread system compromise, operational technologies (OT) controlling hydrotechnical structures remained unaffected, allowing critical infrastructure operations to continue within normal parameters.

Dispatchers coordinate operations using telephone and radio communications, while serving personnel operate hydrotechnical constructions locally. Forecasting and flood defense activities experienced no disruption.

The investigation revealed that Romania’s water infrastructure was not previously protected by the national system for safeguarding critical IT infrastructures against cyber threats, operated by CNC.

Authorities have initiated steps to integrate this infrastructure into the national cyber protection system designed for both public and private critical IT infrastructures.

The incident highlights ongoing vulnerabilities in water utility infrastructure, which increasingly attracts ransomware operators targeting essential public services.

As investigations continue, authorities emphasize that restoring IT services remains the priority while maintaining the operational safety of Romania’s water management systems.
