1. Forum
  2. FidoNet
  3. CONSPRCY

  • Ransomware attack on Roma

    From Mike Powell@1:2320/105 to All on Tue Dec 23 08:51:23 2025
    Ransomware attack on Romanian water agency hits over a thousand systems

    Date:
    Tue, 23 Dec 2025 13:05:00 +0000

    Description:
    An unknown threat actor wreaked some serious havoc but operations are continuing unabated.

    FULL STORY

    Administraia Naional Apele Romne (ANAR), Romanias national public authority responsible for managing the countrys water resources, has confirmed
    suffering a rather disruptive ransomware attack.

    As per the announcement, on December 20, an unidentified threat actor struck its geographical information system applications servers, database servers, Windows workstations, Windows Servers, email and web servers, and domain name servers. The attack then trickled down to almost all of the countrys river basin management organizations, further complicating things.

    In total, around 1,000 systems are currently affected, The Register claims.
    It still provides its service to the Romanians, it was said, with hydrotechnical operations continuing as normal, thanks to on-site staff.

    BitLocker used

    ANAR is a state-owned public institution operating under Romanias Ministry of Environment. It manages surface and groundwater resources, oversees dams, reservoirs, and flood defense infrastructure, and monitors water quality nationwide. The agency is also pivotal in flood prevention, drought
    mitigation, and compliance with EU water directives.

    At press time, the organizations website remains offline as well, so official news is being distributed via alternative channels, including the X account
    of the Romanian National Cyber Security Directorate (DNSC).

    Romanian Waters did not say who the threat actors are, or how they managed to cause such a large incident. It did say that this was a ransomware attack, since many files were encrypted, and a ransom note was left. The company was apparently given a week to begin negotiations.

    DNSC claims the threat actors used Windows BitLocker to encrypt files,
    hinting that this was not the doing of a prolific hacking group.

    "We reiterate that DNSC's strict policy and recommendation towards all
    victims of ransomware attacks is to neither contact nor negotiate with cyberattackers, to avoid encouraging or financing the cybercrime phenomenon," the agency stressed.

    "We recommend avoiding contacting the IT&C teams of the National
    Administration 'Romanian Waters' or ones of the river basin administrations,
    so they can focus on restoring the impacted IT services.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ransomware-attack-on-romanian-water-age ncy-hits-over-a-thousand-systems

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)