**
ROUMANIAN WATERS CONFIRMS CYBERATTACK, CRITICAL WATER OPERATIONS UNAFFECTED
**In a recent development that has sent shockwaves through the cybersecurity community, Romania's national water management authority, Romanian Waters (Administrația Națională Apele Române), has confirmed a ransomware attack that affected its computer systems and regional offices. The incident, which was reported to have taken place over the weekend, has raised concerns about the vulnerability of critical infrastructure organizations to cyber threats.
According to the National Cyber Security Directorate (DNSC), the attack impacted approximately 1,000 computer systems across the central organization and 10 out of its 11 regional offices. The affected systems included GIS servers, databases, email and web services, Windows workstations, and domain name servers. However, authorities have assured that operational technology (OT) systems managing water infrastructure were not compromised, and water operations continue to function normally.
"The National Directorate of Cyber Security (DNSC) was notified on December 20, 2025 of a ransomware cyber attack on several workstations and servers belonging to the National Romanian Waters Administration and a number of 10 (out of 11) water basin administrations in the country, including Oradea, Cluj, Iași, Siret, Buzău," reads the press release published by DNSC. "Due to this cyber incident, approximately 1,000 IT&C systems were compromised, including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server servers, email/web servers, and Domain Name Servers (DNS)."
Technical teams from the DNSC, Romanian Waters, the SRI's National Cyberint Center, affected entities, and other authorities are actively investigating the incident and working to contain its impact. The authorities have also started the process of integrating Romanian Waters' infrastructure into the national cyber protection system operated by CNC, which uses advanced technologies to protect critical public and private IT and communications infrastructure from cyber threats.
Government experts who are investigating the incident confirmed that threat actors used Windows BitLocker to encrypt systems and issued a ransom note demanding contact within seven days. However, at this time, the attack vector has not yet been identified. DNSC reiterated its strict advice not to contact or negotiate with ransomware actors to avoid encouraging and funding cybercrime.
"We recommend that the IT&C teams of the Romanian Waters National Administration or the basin administrations not be contacted, so that they can focus on restoring IT services!" concludes the report.
**
BACKGROUND AND CONTEXT
**In early December, CISA, alongside the FBI, NSA, Europol's EC3, and other global partners, warned that pro-Russia hacktivist groups such as Z-Pentest, Sector16, NoName, and the Cyber Army of Russia Reborn are actively targeting critical infrastructure organizations worldwide. The warning came after a series of high-profile attacks on critical infrastructure targets, including energy companies, transportation systems, and water treatment facilities.
The Romanian Waters incident is just one example of the increasing threats faced by critical infrastructure organizations in the face of growing cyber threats. As the world becomes increasingly dependent on interconnected systems, the potential consequences of a successful attack are becoming more severe. It remains to be seen whether this incident will mark a turning point in the nation's efforts to bolster its cybersecurity defenses.
**
FOLLOW THE STORY
**Stay up-to-date with the latest developments on this story by following me on Twitter: @securityaffairs and Facebook and Mastodon.