Food Bank asks for charity after GlobeImposter 2.0 attack

Auburn Food Bank refuses to pay the ransom, asks for charity to recreate the network instead

Auburn Food Bank attacked by GlobeImposter 2.0 ransomware that may demand even more than the organization needs to recover the system. Recently, Food Bank's servers got attacked by the ransomware which keeps demanding a ransom in exchange for recovering affected files.^[1] It was revealed that the virus keeping organization's employees disabled from accessing their emails is the infamous GlobeIposter 2.0. However, the officials from the Food Bank refused to do so and decided to ask for the support to help them pay the demanded ransom.^[2]

Instead of paying, Washington-based Food Bank decided to recover encrypted files themselves and recreate the entire network. However, since there is the only machine that was recovered, the organization attempts to maintain its activity this way.

There is no information on how was the ransomware virus delivered or how much is required as a ransom. The incident occurred on June 5, around 2:00 AM, when the office was empty. After discovery, all malicious components were cleared out, including the email server. Since paying is not the option, the organization is seeking to rebuild the network and files from scratch.

The organization refused to pay the ransom

The director of the Auburn Food Bank, Debbie Christian, decided to ask people for donations. However, the money is not going for the ransom payment. The organization is seeking to rebuild the network which can cost up to $8,000. However, it is probably less than virus developers are demanding from the victim.

It is known that GlobeImposter ransomware creators are asking for up to $10,000 in Bitcoin.^[3] This is the amount that Food Bank is not capable of covering, so the organization is asking for funds from the community, according to the officials:

Not to pay the ransom, but to pay for the expense of recreating our computer system. We don’t have this kind of money budgeted and we are at the end of our fiscal year and heading into summer when money is already tighter.

The ransom note delivered in an HTML window is named as HOW TO DECRYPT YOUR FILES. It typically contains the contact email and an offer for testing the decryption procedure of one file. There is no need to trust such people since the only goal is getting money from victims.^[4] To gain trust, criminals are offering the test decryption, but the decryption key is not delivered after the ransomware payment, in most cases.

Ransomware – a common threat targeting organizations

A nonprofit entity that distributes free food for families is not the first organization hit by crypto-extortion based malware that refused to pay for the developers. This is the more common reaction for big organizations because paying cannot be the only solution when there is more on the line than important data.^[5]

Many researchers suggest staying away from contacting ransomware developers. This is the tip that we also give for everyday users and big corporates because cybercriminals are not trustworthy in any case. Employing a good IT security firm can be better than relying on malicious actors.

In this case, Food Bank offers people to contribute by donating through the Network for Good form that accepts various amounts of charity.^[6] It can be on-time donation or a monthly/ annually/ quarterly fee. Donations can be made anonymously without sharing any contact information. People also can volunteer at the office or from home to help fill out forms needed for charity activities.