Water Charity Falls Victim to Ransomware Extortion


In a distressing turn of events, Water for People, a nonprofit dedicated to providing clean water to some of the world’s most impoverished regions, has become the latest target of a ransomware attack. The notorious Medusa gang, offering ransomware as a-service, listed the organization on its darknet site, threatening to expose sensitive information unless a hefty $300,000 ransom is paid.

Nonprofit Resilience Tested

Water for People assured the public that the accessed data predates 2021, posing no threat to their financial systems or business operations. A spokesperson stated they are actively collaborating with incident response firms and strengthening security measures to thwart future incidents. Despite receiving a generous $15 million grant from MacKenzie Scott, there’s no evidence linking the attack to this donation.

Global Impact

Operating across nine countries, including Guatemala, Honduras, Mozambique, and India, Water for People strives to enhance water access for over 200 million people in the next eight years. The cyber attack, attributed to the Medusa Locker Ransomware, underscores the vulnerability of even non-profit organizations to cyber threats, reflecting a disturbing trend in the sector.

Medusa’s Opportunistic Strikes

Notably, the Medusa gang has a history of targeting entities associated with water provision. Last year, an Italian company supplying drinking water to nearly half a million people fell victim to their attacks. The nonprofit sector, despite its financial challenges and reliance on donations, remains a frequent target for ransomware groups, mirroring a concerning global pattern.

Rise in Nonprofit Cyber Attacks

Unit 42’s analysis reveals that Medusa consistently targets the nonprofit sector, comparable to its engagements with the media, entertainment, and agriculture industries. Even in the United Kingdom, the charitable and voluntary sector has reported over 100 ransomware incidents since 2020, according to the British data protection regulator’s security incident trends.

U.S. Navy Shipbuilder Faces Fallout from Ransomware Breach

In a separate incident, a U.S. Navy shipbuilder, Fincantieri Marine Group, has confirmed a ransomware attack that exposed the personal information of nearly 17,000 individuals. The breach, occurring in April 2023, disrupted production and raised concerns about national security.

Breach Details Unveiled

Fincantieri Marine Group, responsible for building Navy vessels, faced significant production issues following the ransomware attack. The company recently disclosed that unauthorized access occurred between April 6 and April 12, 2023, compromising personal information such as names and Social Security numbers of 16,769 individuals, primarily Maine residents.

Response and Consequences

The shipbuilder has taken measures to secure its environment and initiated an extensive investigation into the incident. Victims are offered two years of free credit monitoring services. The Navy, while acknowledging the incident, has not provided additional comments. The cyber attack disrupted servers crucial for manufacturing machines, affecting operations for an extended period.

In the ever-evolving landscape of cyber threats, these incidents underscore the urgency for organizations, whether nonprofit or government-related, to fortify their digital defenses against the relentless onslaught of ransomware attacks.


Thanks & Regards ;Ashwini Kamble

Digital Marketer

Leave a Reply

Your email address will not be published. Required fields are marked *