← Back to articles

Major Ransomware Attack Targets Romania's Water Management Systems

December 30, 2025

Romania's cybersecurity authority has confirmed a significant ransomware incident impacting the country's water management administration, affecting approximately 1,000 systems. The investigation and remediation efforts are ongoing, with operational functions remaining largely unaffected.

Water management infrastructure

Scope of the Attack

The Administrația Națională Apele Române (Romanian Waters) reports widespread disruption across its infrastructure, including servers for geographic information systems, databases, Windows workstations, email and web servers, and domain name servers. Its official website remains offline, with updates being shared through alternative channels.

Romanian Waters is responsible for overseeing critical water infrastructure such as dams, waterways, drinking water supplies, and monitoring systems. The attack, which started on December 20, also compromised ten out of eleven of the country’s river basin management organizations.

Impact and Response

Despite the encryption of files on roughly 1,000 systems, Romanian Waters has assured that their operational capabilities remain functional. Hydrotechnical operations continue normally, managed locally by on-site staff. The cybersecurity agency, DNSC, clarified that there has been no disruption to essential water management activities.

The perpetrators used ransomware tactics, encrypting files and leaving ransom notes demanding negotiations within a week. However, authorities did not specify the group responsible, noting that the attackers exploited Windows' BitLocker encryption rather than a typical ransomware payload.

"We reiterate that DNSC's strict policy and recommendation towards all victims of ransomware attacks is to neither contact nor negotiate with cyberattackers, to avoid encouraging or financing the cybercrime phenomenon," the agency emphasized.

Security Gaps and Future Measures

Romanian Waters' network was not shielded by Romania's critical national infrastructure (CNI) safeguarding system. Although Romania has monitoring tools akin to the UK NCSC's Early Warning service, which detects and prevents attacks in real time, Romanian Waters' integration into such systems is still underway.

"The necessary steps have started to integrate this infrastructure into the systems developed by CNC to ensure cyber protection for both public and private IT&C infrastructures of critical importance to national security, using intelligent technologies," the DNSC stated.

Broader Context

This incident is part of a rising pattern of cyberattacks targeting water infrastructures globally. Similar attacks in Canada, the UK, and the US highlight the vulnerability of vital services—pose for public safety and national security—when malicious actors target these critical systems.

As attackers increasingly focus on critical infrastructure, governments are urged to strengthen cybersecurity defenses, monitor network traffic proactively, and develop rapid response strategies to mitigate potential disaster scenarios.

Stay informed about cybersecurity threats and read more about the latest developments in protecting critical infrastructure.