Medusa Ransomware Hits World Vision Perú in Cyberattack

Incident Date:

October 13, 2024

World map

Overview

Title

Medusa Ransomware Hits World Vision Perú in Cyberattack

Victim

World Vision Perú

Attacker

Medusa

Location

Caraz, Peru

, Peru

First Reported

October 13, 2024

Medusa Ransomware Group Targets World Vision Perú

World Vision Perú, a prominent branch of the global humanitarian organization World Vision, has fallen victim to a ransomware attack orchestrated by the Medusa group. This incident, discovered on October 14, highlights the vulnerabilities faced by non-profit organizations dedicated to humanitarian efforts.

About World Vision Perú

World Vision Perú is a Christian relief, development, and advocacy organization focused on improving the lives of children, families, and communities in Peru. Founded in 1994, the organization operates from its headquarters in Lima and employs approximately 281 individuals. With an estimated annual revenue of $4 million, World Vision Perú implements programs addressing critical issues such as child nutrition, education, and community development. The organization stands out for its comprehensive approach to child welfare, emphasizing long-term development strategies that empower communities.

Attack Overview

The Medusa ransomware group, known for its sophisticated tactics, has claimed responsibility for the attack on World Vision Perú. While the exact size of the data leak remains unknown, the breach underscores the persistent threat posed by cybercriminals to non-profit entities. Medusa's modus operandi involves encrypting critical data and demanding substantial ransoms for decryption keys, often releasing stolen data publicly if ransoms are not paid.

Medusa Ransomware Group Profile

Emerging in late 2022, Medusa operates as a Ransomware-as-a-Service (RaaS) platform, allowing affiliates to launch attacks using its ransomware. The group has gained notoriety for targeting various sectors globally, including education, healthcare, and government services. Medusa distinguishes itself by its ability to compromise and exfiltrate large volumes of confidential data, as demonstrated in previous attacks on organizations like the Minneapolis Public School District and American Renal Associates.

Potential Vulnerabilities

Non-profit organizations like World Vision Perú are particularly vulnerable to ransomware attacks due to limited cybersecurity resources and the sensitive nature of the data they handle. Medusa's ability to disable shadow copies and kill numerous applications and services makes it challenging for organizations to detect and mitigate attacks. This incident serves as a stark reminder of the need for effective cybersecurity measures to protect humanitarian efforts from cyber threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.