- Romania’s ANAR hit by ransomware, affecting around 1,000 systems in river basin organizations
- The attackers used Windows BitLocker; A ransom note was left, DNSC discouraged negotiations.
- Hydrotechnical operations continue; offline website, updates shared via DNSC account
Administrația Națională Apele Române (ANAR), Romania’s national public authority responsible for managing the country’s water resources, has confirmed that it has suffered a rather disturbing ransomware attack.
According to the announcement, on December 20, an unidentified threat actor attacked its geographic information system application servers, database servers, Windows workstations, Windows servers, web and email servers, and domain name servers. The attack then spread to almost every river basin management organization in the country, further complicating matters.
In total, there are currently around 1,000 systems affected. The Registry claims. It is reportedly still serving Romanians and hydrotechnical operations continue normally thanks to on-site personnel.
Used BitLocker
ANAR is a state-owned public institution reporting to the Romanian Ministry of Environment. It manages surface and groundwater resources, oversees dams, reservoirs and flood defense infrastructure, and monitors water quality throughout the country. The agency is also instrumental in flood prevention, drought mitigation and compliance with EU water directives.
At press time, the organization’s website also remains offline, so official news is distributed through alternative channels, including the X account of Romania’s National Cyber Security Directorate (DNSC).
Romanian Waters did not say who the threat actors are or how they managed to cause such a large incident. He said it was a ransomware attack as many files were encrypted and a ransom note was left. The company was apparently given a week to begin negotiations.
DNSC claims that the threat actors used Windows BitLocker to encrypt files, hinting that this was not the work of a prolific hacking group.
“We reiterate that DNSC’s strict policy and recommendation towards all victims of ransomware attacks is not to contact or negotiate with cyber attackers, to avoid promoting or financing the phenomenon of cybercrime,” the agency stressed.
“We recommend avoiding contacting the IT&C teams of the National Administration ‘Romanian Waters’ or river basin administrations, so that they can focus on restoring the affected IT services.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
