Romania’s national water authority, Romanian Waters, is working to restore operations after a major ransomware attack that began on December 20, 2025 and disrupted roughly 1,000 computer systems. According to the National Cyber Security Directorate (DNSC), the incident affected workstations, email services, web servers, and other core digital tools used across the agency. Because water management is classified as critical infrastructure under national law, the attack is being treated as a direct threat to public safety.
The intrusion spread from the central office to 10 of the agency’s 11 regional branches, impacting locations in Oradea, Cluj, Iași, Siret, and Buzău. Key systems—including DNS servers, databases, and GIS platforms used for water‑mapping—were knocked offline, forcing staff to rely on radios and telephones to manage dams and flood defenses. While the agency’s website remains down, officials are sharing updates through social media to maintain public communication.
Investigators say the attackers used an unusual tactic by weaponizing BitLocker, a legitimate Windows encryption tool, to lock the agency out of its own data. The method made the intrusion harder to detect, and the initial point of entry remains unknown. A ransom note left by the hackers demanded negotiations within seven days, but authorities reaffirmed their policy of refusing all contact with cybercriminals.
Romanian Waters was not yet integrated into the country’s centralized cyber‑protection system operated by the National Cyberint Center, but officials say steps are now underway to bring the agency under that umbrella. Technical teams from the Romanian Intelligence Service and other state bodies are working to contain the damage and restore systems, while the DNSC has urged the public not to contact IT staff during the recovery effort.
The incident underscores growing global concerns about cyber threats targeting operational technology systems that control physical infrastructure. Recent attacks in Norway, the United States, and the United Kingdom have exposed vulnerabilities in water‑sector control systems, where weak passwords, outdated software, and poor network segmentation can allow intruders to manipulate critical processes. The Romanian attack adds to mounting evidence that water infrastructure, though physically robust, remains digitally exposed in an era of increasingly aggressive cyber activity.
