Overview
- Roughly 1,000 computers and servers across the central office and 10 of 11 basin administrations were encrypted, impacting GIS, databases, email and web services, Windows workstations, and DNS.
- Operational technology and hydrotechnical functions remain unaffected, with structures operated locally and coordinated by dispatch centers using telephone and radio.
- Attackers left a ransom note seeking contact within seven days, and the national cybersecurity directorate reiterated its policy not to contact or negotiate with ransomware actors.
- The initial access vector has not been identified, a multiagency probe led by DNSC and SRI’s National Cyberint Center is ongoing, and no group has claimed responsibility.
- Romanian Waters’ public website is offline, official updates are being shared through alternative channels, and integration into the CNC national cyber protection system has begun.