Ransomware gang targets nonprofit providing clean water to world’s poorest

/in


Water for People, a nonprofit that aims to improve access to clean water for people whose health is threatened by a lack of it for drinking and sanitation, is the latest organization to have been hit by ransomware criminals.

The ransomware-as-a-service gang Medusa listed Water for People on its darknet site Thursday night, threatening to publish stolen information unless the nonprofit pays a $300,000 extortion fee.

A Water for People spokesperson told Recorded Future News: “The accessed data predates 2021, did not compromise our financial systems and no business operations were impacted. We’re working with top incident response firms, as well as our insurance company and hardening our systems with our security team to prevent future incidents.”

The attack follows the nonprofit receiving a $15 million grant from MacKenzie Scott, the billionaire ex-wife of Amazon founder Jeff Bezos. There is no evidence that Water for People was specifically targeted because of this donation.

The organization operates in nine different countries, from Guatemala and Honduras in Latin America, to Mozambique in Africa and to India, and aims to improve water access for more than 200 million people over the next eight years.

“While the recent cyber attack from Medusa Locker Ransomware has not impacted our important work fighting the global water crisis and equipping communities with lasting access to clean water and sanitation services, it does reflect that even non-profits like ours are in the cross-hairs of these threat actors. We attempted good-faith negotiations that led nowhere,” the spokesperson added.

It is not the first time the Medusa gang’s activities have impacted an organization associated with water provision, although the gang and its affiliates appear to work opportunistically, according to new analysis by Palo Alto Networks’ Unit 42.

Last year, an Italian company that provides drinking water to nearly half a million people was hit by the gang.

Back in 2021, U.S. law enforcement agencies said ransomware gangs in general had hit five water and wastewater treatment facilities in the country — not including three other widely reported cyberattacks on water utilities.

Despite…

Source…