Locked by BitLocker: 1,000 Systems Crippled in Massive Cyberattack on Romanian Waters
Romania’s National Administration of Water Resources has fallen victim to a large-scale cyberattack that resulted in the encryption of roughly one thousand workstations and servers. The breach occurred over the past weekend and affected ten of the agency’s eleven regional branches.
According to the National Directorate for Cybersecurity, the attackers exploited BitLocker, the built-in encryption feature of Windows, to lock access to data. They left a message demanding contact within a week. As a result of the attack, email services, mapping systems, databases, web interfaces, and domain name management systems were rendered inoperable. Crucially, however, the technological processes underpinning the country’s water infrastructure were not disrupted.
The agency stressed that hydrotechnical facilities are managed through dispatch centers using voice communications, while the sites themselves are staffed by on-duty personnel. Calculations, forecasting, and flood protection measures continue to operate as normal.
Several national bodies have joined the investigation, including the National Cyber Intelligence Center, which operates under the Romanian Intelligence Service. Officials noted that at the time of the attack, the water authority’s infrastructure had not yet been integrated into the national system for protecting critical IT infrastructure, though steps are now being taken to bring it under that security framework.
The incident adds to a growing list of cyberattacks affecting Romania. Last year, hackers linked to the Lynx group crippled the systems of Electrica, a major electricity provider. Earlier in 2024, more than one hundred hospitals across the country were forced to shut down their information systems following an attack involving the Backmydata malware.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
