**Romania Investigates Major Ransomware Attack on National Water Authority**
On December 24, 2025, Romanian authorities confirmed a large-scale ransomware attack targeting Apele Române, the country’s national water administration. The attack encrypted approximately 1,000 IT systems across regional water basin offices, disrupting email systems, databases, servers, and workstations.
Threat actors exploited Microsoft’s BitLocker tool to lock files and issued a ransom demand, requiring contact within seven days. However, Romanian cybersecurity officials have refused to engage with the attackers. Despite the IT disruptions, operational technology—including hydrotechnical infrastructure and critical water management systems—remained unaffected, allowing flood defense operations to continue normally. Staff relied on radio and telephone communications to maintain coordination during the recovery effort.
The National Directorate of Cyber Security and the Romanian Intelligence Service’s cyber center are leading the investigation and system restoration. Authorities are also working to integrate water infrastructure into the state’s cyber protection framework. The incident highlights the growing trend of ransomware groups targeting essential public utilities, underscoring the need for enhanced resilience and identity controls in critical sectors.
Source: https://dig.watch/updates/romania-investigates-large-scale-cyber-attack-on-national-water-body
Administrația Națională „Apele Române” cybersecurity rating report: https://www.rankiteo.com/company/apele-romane
"id": "APE1766599000",
"linkid": "apele-romane",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'water management',
'location': 'Romania',
'name': 'Apele Române',
'type': 'government agency'}],
'data_breach': {'data_encryption': 'Yes (using Microsoft BitLocker)'},
'date_detected': '2025-12-24',
'date_publicly_disclosed': '2025-12-24',
'description': 'Authorities in Romania confirmed a severe ransomware attack '
'on the national water administration ‘Apele Române’, '
'encrypting around 1,000 IT systems across most regional water '
'basin offices. Attackers used Microsoft’s BitLocker tool to '
'lock files and issued a ransom note demanding contact within '
'seven days. The disruption affected email systems, databases, '
'servers, and workstations but did not impact operational '
'technology or critical water management systems.',
'impact': {'operational_impact': 'Disruption to administrative systems; no '
'impact on hydrotechnical structures or '
'critical water management',
'systems_affected': '1000 IT systems (email, databases, servers, '
'workstations)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Ransomware groups increasingly target essential '
'utilities, making resilience and identity controls a '
'strategic priority. Water infrastructure is now being '
'included in the state cyber protection framework.',
'motivation': 'financial gain',
'post_incident_analysis': {'corrective_actions': 'Including water '
'infrastructure within the '
'state cyber protection '
'framework'},
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': 'Contact within seven days',
'ransom_paid': 'No (officials rejected negotiation)'},
'references': [{'date_accessed': '2025-12-24', 'source': 'News article'}],
'response': {'remediation_measures': 'Restoring systems'},
'title': 'Ransomware Attack on Romanian National Water Administration',
'type': 'ransomware'}