Romanian Water Authority Hit by Major Ransomware Attack

Summary
– Romanian Waters, the national water management authority, was hit by a ransomware attack impacting about 1,000 systems across its headquarters and most regional offices.
– The attack encrypted files using Windows BitLocker and demanded a ransom, but critical operational technology controlling water infrastructure was not compromised.
– Romanian cybersecurity agencies are investigating and working to integrate the authority into the national critical IT infrastructure protection system.
– While the attack’s origin is unclaimed and unattributed, it follows warnings about pro-Russia groups targeting global critical infrastructure.
– This is part of a pattern of major ransomware attacks in Romania, following recent incidents affecting the electricity grid and hospital systems.

A significant ransomware incident has disrupted the operations of Romania’s national water management authority, known as Romanian Waters. The attack, which occurred over a recent weekend, impacted roughly one thousand computer systems across the organization’s central office and nearly all of its regional branches. Crucial operational technology controlling physical water infrastructure, such as dams and treatment facilities, remained unaffected and continues to function normally. The breach primarily affected administrative and support systems, including servers for geographic data, internal databases, email platforms, and web services.
Investigators from the National Cyber Security Directorate (DNSC) and the Romanian Intelligence Service’s National Cyberint Center discovered that the attackers used a surprising method. They leveraged the legitimate Windows BitLocker encryption feature to lock files on the compromised machines. A ransom note was left behind, instructing officials to make contact within a seven-day window. The exact method of initial access, or attack vector, remains under active investigation.
In official statements, Romanian Waters emphasized that the coordination of water management operations is conducted through dedicated dispatch centers using voice, telephone, and radio communications. “Hydrotechnical facilities are safe and they are locally operated by on-site personnel coordinated via the dispatch centres,” the agency confirmed. The DNSC further noted that forecasting services and flood protection activities have continued without interruption.
This event has prompted a swift security response. Authorities acknowledged that the water authority’s IT infrastructure was not previously integrated into the national cybersecurity system designed for critical infrastructure. Efforts are now underway to incorporate these systems into the protective umbrella managed by the National Cyberint Center to prevent future incidents.
As of now, no ransomware group or state-sponsored threat actor has publicly claimed responsibility for the attack, and Romanian officials have not attributed it to any specific entity. However, the incident echoes broader geopolitical tensions in the cyber domain. It follows allegations by Danish intelligence earlier this year that Russia was behind a destructive cyberattack on a water utility. Furthermore, in early December, a global coalition of cybersecurity agencies, including CISA and the FBI, issued warnings about pro-Russia hacktivist groups actively targeting critical infrastructure worldwide.
This ransomware attack is the latest in a series of major cyber incidents affecting Romania. Just one year ago, the Electrica Group, a primary electricity supplier, fell victim to the Lynx ransomware gang. Earlier in 2024, over one hundred hospitals across the country were forced to take systems offline following a separate ransomware attack that disrupted healthcare management platforms, underscoring a persistent threat to essential services.
(Source: Bleeping Computer)





