TZUTC: -0500
MSGID: 1869.consprcy@1:2320/105 2dafdba8
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Ransomware attack on Romanian water agency hits over a thousand systems

Date:
Tue, 23 Dec 2025 13:05:00 +0000

Description:
An unknown threat actor wreaked some serious havoc but operations are
continuing unabated.

FULL STORY

Administraia Naional Apele Romne (ANAR), Romanias national public authority
responsible for managing the countrys water resources, has confirmed 
suffering a rather disruptive ransomware attack. 

As per the announcement, on December 20, an unidentified threat actor struck
its geographical information system applications servers, database servers,
Windows workstations, Windows Servers, email and web servers, and domain name
servers. The attack then trickled down to almost all of the countrys river
basin management organizations, further complicating things. 

In total, around 1,000 systems are currently affected, The Register claims. 
It still provides its service to the Romanians, it was said, with
hydrotechnical operations continuing as normal, thanks to on-site staff.

BitLocker used 

ANAR is a state-owned public institution operating under Romanias Ministry of
Environment. It manages surface and groundwater resources, oversees dams,
reservoirs, and flood defense infrastructure, and monitors water quality
nationwide. The agency is also pivotal in flood prevention, drought
mitigation, and compliance with EU water directives. 

At press time, the organizations website remains offline as well, so official
news is being distributed via alternative channels, including the X account 
of the Romanian National Cyber Security Directorate (DNSC). 

Romanian Waters did not say who the threat actors are, or how they managed to
cause such a large incident. It did say that this was a ransomware attack,
since many files were encrypted, and a ransom note was left. The company was
apparently given a week to begin negotiations. 

DNSC claims the threat actors used Windows BitLocker to encrypt files, 
hinting that this was not the doing of a prolific hacking group. 

"We reiterate that DNSC's strict policy and recommendation towards all 
victims of ransomware attacks is to neither contact nor negotiate with
cyberattackers, to avoid encouraging or financing the cybercrime phenomenon,"
the agency stressed. 

"We recommend avoiding contacting the IT&C teams of the National
Administration 'Romanian Waters' or ones of the river basin administrations,
so they can focus on restoring the impacted IT services. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/ransomware-attack-on-romanian-water-age
ncy-hits-over-a-thousand-systems

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426