- Romania’s ANAR hit by ransomware affecting around 1,000 systems across river basin organizations
- Attackers used Windows BitLocker; ransom note left, negotiations discouraged by DNSC
- Hydrotechnical activities continue; website offline, updates shared via DNSC’s X account
Administrația Națională Apele Române (ANAR), Romania’s national public authority responsible for managing the country’s water resources, has confirmed that it is suffering from a rather disturbing ransomware attack.
According to the announcement, on December 20, an unidentified threat actor compromised its geographic information system application servers, database servers, Windows workstations, Windows servers, email and web servers, and domain name servers. The attack then trickled down to almost all of the country’s watershed management organizations, further complicating matters.
In total, around 1,000 systems are currently affected, The Register claims. ANAR is still providing its service to Romanians, it was said, with hydro engineering operations continuing as normal thanks to staff on site.
BitLocker used
ANAR is a state-owned public institution operating under the Ministry of the Environment of Romania. It manages surface and groundwater resources, oversees dams, reservoirs and flood protection infrastructure, and monitors water quality throughout the country. The agency is also critical to flood prevention, drought mitigation and compliance with EU water directives.
At press time, the organization’s website also remains offline, so official news is distributed through alternative channels, including the X account of the Romanian National Cyber Security Directorate (DNSC).
Romanian Waters did not say who the threat actors are or how they managed to cause such a large incident. It said this was a ransomware attack, as many files were encrypted and a ransom note was left behind. The agency was apparently given a week to begin negotiations.
DNSC claims that the threat actors used Windows BitLocker to encrypt files, suggesting that this was not the action of a prolific hacker group.
“We reiterate that DNSC’s strict policy and recommendation to all victims of ransomware attacks is to neither contact nor negotiate with cyber attackers to avoid encouraging or funding the cybercrime phenomenon,” the agency stressed.
“We recommend that you avoid contacting the IT&C teams of the National Administration ‘Romanian Waters’ or any of the watershed administrations so that they can focus on restoring the affected IT services.”



