Cyber attack on “Romanian Waters”: Essential activities are not affected. It is not known exactly how the attackers penetrated the network
Ransomware, Photo: Vchalup, Dreamstime.com
The “Apele Romanian Waters” National Administration on Monday came with new information related to the ransomware cyber attack that compromised several workstations and servers in the country, stating that “there is no impact on essential activities”. The investigation is ongoing and at this time it is not known exactly how the attackers penetrated the network.
The “Apele Romanian Waters” National Administration informed on Monday, December 22, that the investigation of the ransomware cyber incident, notified to the National Cyber Security Directorate (DNSC) on December 20, is still ongoing.
What is the current situation?
Technical teams involved in the investigation, along with responsible competent authorities continue to work to limit the impact and restore computer systems, the Administration says.
The dispatching activity and the operation of hydrotechnical structures are carried out in normal parameters, using telephone and radio communications. The hydrotechnical constructions are safe and operated locally by the service personnel, coordinated by dispatchers.
Forecasting activity and flood defenses were not affected.
It is not known exactly how the attackers operated
The investigation is ongoing and, at this time, it is not known exactly how the attackers penetrated the network, the Administration notes.
Risks and impact
The operational technologies (OT) were not affected and there is no impact on the essential activities of the “Romanian Waters” National Administration, emphasizes the institution.
With the support of the responsible competent authorities of the state, an action plan was adopted to restore the IT systems.
The Romanian Waters National Administration says it will return with additional information as it can be publicly communicated, to avoid confusion and ensure the security of information processes.
About 1,000 IT&C systems were compromised in the attack
A ransomware-type cyberattack took place on several workstations and servers belonging to the Romanian National Water Administration (ANAR) and a number of 10 water basin administrations in the country, including Oradea, Cluj, Iasi, Siret, Buzau, Romanian Waters announced on Sunday. The institution said that a ransom note was sent from the attackers, who request to be contacted within 7 days.
The company reminds that DNSC's policy and strict recommendation is that victims of ransomware attacks do not contact and negotiate with cyber attackers, in order not to encourage and finance this criminal phenomenon.
“The National Directorate of Cyber Security (DNSC) was notified on December 20, 2025 regarding a ransomware-type cyber attack on several workstations and servers belonging to the Romanian National Water Administration and a number of 10 (out of 11) water basin administrations in the country, including Oradea, Cluj, Iasi, Siret, Buzau. Due to this cyber incident, approximately 1,000 IT&C systems were compromised, including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server servers, e-mail/web servers and Domain Name Servers (DNS),” Romanian Waters announced on Sunday.
The institution emphasized that the operational technologies (OT – Operational Technologies) were not affected, so that the usual activity is carried out at this moment in normal parameters.
Photo source: Dreamstime.com
Cyber attack on several workstations and servers of “Romanian Waters”. Which basin administrations are affected
