Over the weekend, Romanian cybersecurity authorities identified a significant security breach affecting the majority of the national water authority's digital infrastructure. The attack hit 10 out of 11 regional offices, locking down workstations, databases, and geographic information systems. Investigators from the National Cyber Security Directorate and the Romanian Intelligence Service discovered that the perpetrators utilized the built-in BitLocker encryption feature to seize control of the files. A ransom note was left behind giving the agency seven days to make contact, though no specific group has claimed responsibility for the incident yet.
Despite the widespread disruption to the agency's internal IT environment, the physical safety of the country's water supply and hydrotechnical structures has not been compromised. Officials emphasized that the management of dams and flood protection systems relies on local personnel and voice communication channels, such as telephone and radio, rather than the affected digital network. Consequently, all critical operations and forecasting activities continue to function within normal parameters. This manual redundancy has ensured that the attack remains a data crisis rather than a public safety emergency.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
The investigation into how the hackers gained entry is currently ongoing, with multiple security agencies working to contain the impact and restore services. Prior to this event, the water authority’s infrastructure was not integrated into the country’s national cybersecurity protection system for critical assets. In response to the breach, authorities are now moving to incorporate the agency into more robust protective systems managed by the National Cyberint Center to prevent future vulnerabilities.
While an official attribution has not been made, the incident occurs amidst heightened global warnings regarding threats to critical infrastructure. Recent alerts from international agencies like the FBI and CISA have highlighted a trend of pro-Russia hacktivist groups targeting utility providers worldwide. This context is particularly relevant given a similar cyberattack against Danish water utilities in 2024, though investigators in Romania remain cautious about naming a specific adversary until more forensic evidence is gathered.
This breach is the latest in a series of aggressive ransomware campaigns to strike Romania’s essential services over the past few years. Previous high-profile incidents include a major attack on the Electrica Group energy supplier and a massive ransomware wave that forced over 100 hospitals to take their systems offline in early 2024. As the water authority works toward recovery, the event serves as a stark reminder of the persistent digital threats facing the nation’s critical public services.
Source: Romanian Water Authority Hit By Ransomware Attack Over Weekend