Water for People, a nonprofit organization that aims to improve access to clean water for people whose health is threatened by lack of clean water and sanitation, is the latest organization to be affected by ransomware criminals.
Ransomware-as-a-service gang Medusa listed Water for People on its darknet site Thursday evening, threatening to release stolen information unless the nonprofit paid a $300,000 extortion fee .
A spokesperson for Water for People told Recorded Future News: “The data accessed is from before 2021, has not compromised our financial systems and no business operations have been affected. We work with top incident response companies, as well as our insurance company, and harden our systems with our security team to prevent future incidents.
Attack follows nonprofit reception a grant of 15 million dollars of MacKenzie Scott, the billionaire ex-wife of Amazon founder Jeff Bezos. There is no evidence that Water for People was specifically targeted for this donation.
The organization operates in nine different countries, from Guatemala and Honduras in Latin America to Mozambique in Africa and India, and aims to improve access to water for more than 200 million people over the next eight years.
“While the recent cyberattack by Medusa Locker Ransomware did not impact our important work to combat the global water crisis and provide communities with sustainable access to clean water and sanitation services, it shows that even non-profit organizations like ours are in the crosshairs. of these threatening actors. We attempted negotiations in good faith which led to nothing,” added the spokesperson.
This is not the first time the Medusa gang’s activities have impacted an organization associated with the water supply, although the gang and its affiliates appear to work opportunistically, according to new analysis by Palo Alto Networks Unit 42.
Last year, an Italian company that provides drinking water nearly half a million people have been affected by the gang.
In 2021, US law enforcement agencies said ransomware gangs typically hit five. water and wastewater treatment plants in the country — not counting three other widely reported cyberattacks on Water services.
Despite the financial insecurity of many organizations in the nonprofit and NGO sector, most of which rely on donations to operate, they have not been immune to attacks from ransomware groups.
Last September, Save the Children International confirmed being hit by a cyberattack following a ransomware group’s claims that it breached the organization’s systems.
Unit 42’s data — based on posts on the gang’s extortion site — suggests that the nonprofit sector has been as regularly hit by Medusa as the media, entertainment and agriculture sectors .
According to the UK Data Protection Regulator security incident trend dataThe UK’s charitable and voluntary sector has reported more than 100 ransomware incidents since 2020.
The sector has also been targeted by state-sponsored hackers in incidents where the NGO was seen as working on politically sensitive issues, such as the attack on a human rights organization. Amnesty International Hong Kong in 2019.
The Medusa ransomware gang last year claims for stealing data from Toyota Financial Services. The group gave the company 10 days to pay an $8 million ransom. The gang afterwards made the headlines for an attack on a technology company created by two of Canada’s largest banks.
Unit 42’s analysis states: “Medusa’s indiscriminate targeting underscores the universal threat posed by these ransomware perpetrators. »
Future saved
Intelligence cloud.
No previous articles
No new articles
