TZUTC: -0500   
   MSGID: 1869.consprcy@1:2320/105 2dafdba8   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Ransomware attack on Romanian water agency hits over a thousand systems   
      
   Date:   
   Tue, 23 Dec 2025 13:05:00 +0000   
      
   Description:   
   An unknown threat actor wreaked some serious havoc but operations are   
   continuing unabated.   
      
   FULL STORY   
      
   Administraia Naional Apele Romne (ANAR), Romanias national public authority   
   responsible for managing the countrys water resources, has confirmed    
   suffering a rather disruptive ransomware attack.    
      
   As per the announcement, on December 20, an unidentified threat actor struck   
   its geographical information system applications servers, database servers,   
   Windows workstations, Windows Servers, email and web servers, and domain name   
   servers. The attack then trickled down to almost all of the countrys river   
   basin management organizations, further complicating things.    
      
   In total, around 1,000 systems are currently affected, The Register claims.    
   It still provides its service to the Romanians, it was said, with   
   hydrotechnical operations continuing as normal, thanks to on-site staff.   
      
   BitLocker used    
      
   ANAR is a state-owned public institution operating under Romanias Ministry of   
   Environment. It manages surface and groundwater resources, oversees dams,   
   reservoirs, and flood defense infrastructure, and monitors water quality   
   nationwide. The agency is also pivotal in flood prevention, drought   
   mitigation, and compliance with EU water directives.    
      
   At press time, the organizations website remains offline as well, so official   
   news is being distributed via alternative channels, including the X account    
   of the Romanian National Cyber Security Directorate (DNSC).    
      
   Romanian Waters did not say who the threat actors are, or how they managed to   
   cause such a large incident. It did say that this was a ransomware attack,   
   since many files were encrypted, and a ransom note was left. The company was   
   apparently given a week to begin negotiations.    
      
   DNSC claims the threat actors used Windows BitLocker to encrypt files,    
   hinting that this was not the doing of a prolific hacking group.    
      
   "We reiterate that DNSC's strict policy and recommendation towards all    
   victims of ransomware attacks is to neither contact nor negotiate with   
   cyberattackers, to avoid encouraging or financing the cybercrime phenomenon,"   
   the agency stressed.    
      
   "We recommend avoiding contacting the IT&C teams of the National   
   Administration 'Romanian Waters' or ones of the river basin administrations,   
   so they can focus on restoring the impacted IT services.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/ransomware-attack-on-romanian-water-age   
   ncy-hits-over-a-thousand-systems   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426