Medusa has demanded a $300,000 ransom from Water for People in exchange for the stolen information, but the nonprofit emphasized that attackers were only able to access data before 2021. Neither Water for People's financial systems nor its business operations were affected by the intrusion, according to a spokesperson for the organization. Such an intrusion comes months after Medusa targeted an Italian water supplier as part of its opportunistic attacks. A new study from Palo Alto Networks' Unit 42 revealed that non-government and nonprofit organizations have been equally targeted by Medusa as entities in the agriculture, entertainment, and media sectors. "Medusa's indiscriminate targeting emphasizes the universal threat posed by such ransomware actors," said Unit 42.