- Romania’s ANAR hit by ransomware, affecting around 1,000 systems in river basin organizations
- The attackers used Windows BitLocker; ransom note left, negotiations discouraged by DNSC
- Hydrotechnical operations continue; offline website, updates shared via DNSC X account
The Administrația Națională Apele Române (ANAR), the Romanian national public authority responsible for managing the country’s water resources, has confirmed that it has been the victim of a rather disruptive ransomware attack.
As per the announcement, on December 20, an unidentified threat actor hit its geographic information system application servers, database servers, Windows desktops, Windows servers, email and web servers, and domain name servers. The attack then spread to almost all river basin management organizations in the country, further complicating the situation.
In total, around 1,000 systems are currently affected, The register complaints. It is still providing its service to the Romanians, it was specified, and hydrotechnical operations are continuing normally, thanks to the staff on site.
BitLocker used
ANAR is a state public institution under the Romanian Ministry of Environment. It manages surface and groundwater resources, oversees dams, reservoirs and flood defense infrastructure, and monitors water quality nationally. The agency also plays a central role in flood prevention, drought mitigation and compliance with European water directives.
At press time, the organization’s website also remains offline, so official information is disseminated through alternative channels, including the Romanian National Directorate of Cybersecurity (DNSC)’s X account.
Romanian waters did not specify who the threat actors are or how they managed to cause an incident of such magnitude. It indicated that it was a ransomware attack because many files were encrypted and a ransom note was left. The company would have had one week to begin negotiations.
DNSC claims that the threat actors used Windows BitLocker to encrypt files, implying that this was not the work of a prolific hacking group.
“We reiterate that DNSC’s strict policy and recommendation towards all victims of ransomware attacks is not to contact or negotiate with cyberattackers, in order to avoid encouraging or financing the phenomenon of cybercrime,” the agency stressed.
“We recommend avoiding contacting the IT&C teams of the Romanian National Water Administration or those of the river basin administrations, so that they can focus on restoring the affected IT services.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
