Cyberattack disables a thousand computers of Romania’s water authority
By ForGeeks
In Romania, a cyberattack using ransomware encryption knocked out about 1,000 computers in the water management system; water supply operations were not disrupted.
Romanian water authorities reported a large-scale cyberattack that disabled about 1,000 computers. The incident affected 10 of the agency’s 11 regional offices and resulted in key digital systems being locked down using data encryption typical of ransomware attacks.
Romania’s water authority reported a large-scale cyberattack that disabled thousands of computers.
The attackers reportedly encrypted data on Windows workstations as well as domain infrastructure servers. Email, Web services, databases and geographic information systems used in the agency’s day-to-day operations were affected. After the attack, the perpetrators left a message demanding that they be contacted within seven days, but no hacker group has yet officially claimed responsibility for the incident.
BitLocker and the investigation into the attack
Romania’s National Cybersecurity Directorate reported that the attackers used Windows’ built-in BitLocker mechanism to encrypt data, rather than specialized third-party malware. The specific vector of the attack remains unknown at the time of publication.
Cybersecurity experts are investigating the incident in conjunction with the Romanian Intelligence Service. The main task at the moment is to restore serviceability of the affected systems and analyze how the attackers managed to gain access to the infrastructure.
Cybersecurity experts together with the Romanian Intelligence Service are investigating the incident.
Despite the severe digital disruption, physical water supply management systems were not affected. Officials confirmed that water supplies to the public are being delivered as normal, and facilities continue to be managed using dispatch channels and voice communications. This has avoided any disruption to supply, unlike a similar incident in Denmark a year earlier, when a cyberattack led to burst water pipes and temporary water cuts to hundreds of homes.
Context of attacks on critical infrastructure
Although the current attack in Romania has not yet been publicly linked to a specific group, its nature fits into the overall pattern of cyberattacks on European infrastructure. A number of states have previously labeled such incidents as elements of so-called hybrid warfare.
In particular, Denmark last week officially accused Russia of two cyberattacks on its infrastructure. In 2024, an attack on water supply control systems led to pressure changes in pipes and accidents that left around 500 homes without water. In 2025, another attack targeted government websites ahead of elections. Germany has also previously linked interference with air traffic control systems to the actions of a hacking group that authorities believe is linked to Russia.
