Current Cyber Threats

Romanian Water Authority Hit By Ransomware Attack Over Weekend

Summary:
Over the weekend, Romania’s national water management authority, Romanian Waters (Administrația Națională Apele Române), was hit by a ransomware attack, impacting several workstations and servers belonging to the administration and 10 of its 11 regional offices. Due to the incident, approximately 1,000 IT&C systems were compromised, including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server servers, email/web servers, and Domain Name Servers (DNS).

Romania’s National Cyber Security Directorate (DNSC) and the Romanian Intelligence Service’s Cyberint Center are currently investigating the breach. According to the authorities, attackers used Microsoft Windows’ built-in BitLocker security feature to lock files on these systems and left a ransom note demanding contact within seven days. On a positive note, DNSC confirmed that the Operational Technologies (OT) used to control water infrastructure were not affected.

“The National Administration of Romanian Waters specifies that the operation of hydrotechnical structures is done only through dispatches using voice communications. The hydrotechnical constructions are safe and are operated locally by the on-duty personnel and coordinated through dispatches,” notes the DNSC in its advisory.

Security Officer Comments:
Attribution for this incident remains unclear, as no ransomware group has claimed responsibility. The use of Windows BitLocker to lock system files, instead of deploying custom ransomware, highlights a growing trend of actors using living-off-the-land tactics, where built-in administrative tools are abused to complicate detection and forensic analysis, making attribution all the more challenging.

Although OT infrastructure was not directly affected in this incident, it signals a broader trend in targeting critical infrastructure and public sector organizations, where legacy systems and limited security controls can be exploited for high operational impact.
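
Because BitLocker is a legitimate tool, a single use of it is not suspicious; one account making BitLocker changes on several hosts within a short window is. The following Python is an added example, not taken from DNSC or the linked article: the event tuples, host and account names, timestamps and thresholds are constructed assumptions, and the page does not state which BitLocker commands the attackers ran.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command lines that enable or lock BitLocker, or change its key protectors.
PATTERNS = [
    re.compile(r"\bmanage-bde(\.exe)?\b.*\s-(on|lock|forcerecovery)\b", re.I),
    re.compile(r"\bmanage-bde(\.exe)?\b.*\s-protectors\b.*\s-(add|delete)\b", re.I),
    re.compile(r"\b(Enable-BitLocker|Lock-BitLocker|Add-BitLockerKeyProtector"
               r"|Remove-BitLockerKeyProtector)\b", re.I),
]

# Constructed process-creation events: (timestamp, host, account, command line).
EVENTS = [
    ("2025-01-04T02:10:05", "gis-app01", "CORP\\svc_deploy", "manage-bde.exe -on C:"),
    ("2025-01-04T02:12:40", "db-srv02", "CORP\\svc_deploy",
     "powershell.exe Enable-BitLocker -MountPoint 'D:' -RecoveryPasswordProtector"),
    ("2025-01-04T02:15:11", "dns01", "CORP\\svc_deploy", "manage-bde -on C:"),
    ("2025-01-04T09:30:00", "ws-114", "CORP\\helpdesk1", "manage-bde -on C:"),
    ("2025-01-04T09:31:00", "ws-114", "CORP\\helpdesk1", "manage-bde -status"),
]

def is_bitlocker_change(cmd):
    """True if the command line alters BitLocker state (read-only queries are ignored)."""
    return any(p.search(cmd) for p in PATTERNS)

def fleet_bursts(events, min_hosts=3, window=timedelta(minutes=30)):
    """Return {account: hosts} where one account changed BitLocker on
    at least min_hosts distinct hosts inside a sliding time window."""
    by_account = defaultdict(list)
    for ts, host, account, cmd in events:
        if is_bitlocker_change(cmd):
            by_account[account].append((datetime.fromisoformat(ts), host))
    alerts = {}
    for account, hits in by_account.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[account] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for account, hosts in fleet_bursts(EVENTS).items():
        print(f"ALERT {account}: BitLocker changes on {len(hosts)} hosts: {hosts}")
```

In practice the tuples would come from process-creation logging with command-line capture enabled, and the threshold and window would be tuned against the organization's normal BitLocker rollout activity.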

Suggested Corrections:
The Romanian cybersecurity agency stated that while the country's national cybersecurity system for critical IT infrastructure did not protect the water management authority's infrastructure before the attack, authorities are now working to integrate it into protective systems operated by the National Cyberint Center.

Link(s):
https://www.bleepingcomputer.com/ne...hority-hit-by-ransomware-attack-over-weekend/