Romanian National Water Agency locked out of systems encrypted by attackers with native BitLocker
Learn More
Romania's national water management authority, Administrația Națională Apele Române (Romanian Waters), reports a data encryption attack that began on December 20, 2025, compromising approximately 1,000 computer systems across its infrastructure.
The National Cyber Security Directorate (DNSC) confirmed that the incident impacted 10 of the country's 11 regional river basin management organizations, including facilities in Oradea, Cluj, Iași, Siret, and Buzău. Investigators from multiple Romanian security agencies, including the Romanian Intelligence Service's National Cyberint Center, are actively working to contain the incident and restore affected systems.
The attackers employed an unconventional encryption technique by exploiting BitLocker, the Windows encryption tool, to lock files. Multiple critical systems were affected by the encryption attack, including:
- Geographical Information System (GIS) application servers
- Database servers
- Email and web servers
- Windows workstations and Windows Server systems
- Domain Name Servers (DNS)
The number of affected individuals and any stolen data is not disclosed.
The DNSC emphasized that operational technology (OT) systems controlling water infrastructure are not affected. Hydrotechnical operations, including dam control, flood management, and water distribution systems, continue functioning normally through manual oversight and voice coordination protocols.
Staff have been forced to rely on telephone and radio communications as email servers were impacted, but dispatch centers are maintaining normal operational parameters for all water management activities.
Romanian Waters' infrastructure was not protected by the country's national cybersecurity system for critical IT infrastructure at the time of the attack. This system, similar to the UK NCSC's Early Warning service, monitors network traffic to detect anomalous activity and prevent attacks before they become disruptive. Following the incident, authorities have initiated steps to integrate Romanian Waters' network into protective systems developed by the National Cyber Intelligence Center to ensure cyber protection for both public and private critical infrastructure using intelligent technologies.
