Romania Investigates Major Ransomware Attack on National Water Authority On December 24, 2025, Romanian authorities confirmed a large-scale ransomware attack targeting Apele Române, the country’s national water administration. The attack encrypted approximately 1,000 IT systems across regional water basin offices, disrupting email systems, databases, servers, and workstations. Threat actors exploited Microsoft’s BitLocker tool to lock files and issued a ransom demand, requiring contact within seven days. However, Romanian cybersecurity officials have refused to engage with the attackers. Despite the IT disruptions, operational technology—including hydrotechnical infrastructure and critical water management systems—remained unaffected, allowing flood defense operations to continue normally. Staff relied on radio and telephone communications to maintain coordination during the recovery effort. The National Directorate of Cyber Security and the Romanian Intelligence Service’s cyber center are leading the investigation and system restoration. Authorities are also working to integrate water infrastructure into the state’s cyber protection framework. The incident highlights the growing trend of ransomware groups targeting essential public utilities, underscoring the need for enhanced resilience and identity controls in critical sectors.