Ransomware attack on Romanian water agency hits over a thousand systems
An unknown threat actor wreaked some serious havoc across Romania
- Romania’s ANAR hit by ransomware, affecting around 1,000 systems across river basin organizations
- Attackers used Windows BitLocker; ransom note left, negotiations discouraged by DNSC
- Hydrotechnical operations continue; website offline, updates shared via DNSC’s X account
Administrația Națională Apele Române (ANAR), Romania’s national public authority responsible for managing the country’s water resources, has confirmed suffering a rather disruptive ransomware attack.
As per the announcement, on December 20, an unidentified threat actor struck its geographic information system application servers, database servers, Windows workstations, Windows Servers, email and web servers, and domain name servers. The attack then trickled down to almost all of the country’s river basin management organizations, further complicating things.
In total, around 1,000 systems are currently affected, The Register claims. ANAR still provides its services to Romanians, it was said, with hydrotechnical operations continuing as normal, thanks to on-site staff.
BitLocker used
ANAR is a state-owned public institution operating under Romania’s Ministry of Environment. It manages surface and groundwater resources, oversees dams, reservoirs, and flood defense infrastructure, and monitors water quality nationwide. The agency is also pivotal in flood prevention, drought mitigation, and compliance with EU water directives.
At press time, the organization’s website remains offline, so official news is being distributed via alternative channels, including the X account of the Romanian National Cyber Security Directorate (DNSC).
Romanian Waters did not say who the threat actors are, or how they managed to cause such a large incident. It did say that this was a ransomware attack, since many files were encrypted, and a ransom note was left. The agency was apparently given a week to begin negotiations.
DNSC claims the threat actors used Windows BitLocker to encrypt files, hinting that this was not the doing of a prolific hacking group.
"We reiterate that DNSC's strict policy and recommendation towards all victims of ransomware attacks is to neither contact nor negotiate with cyberattackers, to avoid encouraging or financing the cybercrime phenomenon," the agency stressed.
"We recommend avoiding contacting the IT&C teams of the National Administration 'Romanian Waters' or ones of the river basin administrations, so they can focus on restoring the impacted IT services."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.