A King County food bank said it will need help recovering from a ransomware infection that affected its computer network.
At around 02:00 on 5 June, bad actors targeted the severs of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food bank's computers. Those responsible for the attack then demanded that the food bank pay a ransom in exchange for the decryption key. Wisely, Auburn Food Bank chose not to pay the ransom, as doing so never guarantees that bad actors will provide a decryption key. That's been especially evident in infections involving GlobeImposter, a family of ransomware which Check Point named the second most-prevalent malware in August 2017. Just recently, victims reported on Bleeping Computer's forums that those wielding GlobeImposter don't send over the promised decryption tool following payment and either ignore all emails or demand more money instead. This decision to not pay the ransom left the food bank with one functioning computer to act as its server. Auburn Food Bank Director Debbie Christian said the organization's next step is to begin rebuilding its network and recreating its files. But she made it clear to Auburn Examiner that the food bank will need help covering the estimated $8,000 which it needs to replace its affected equipment:
We are going to need help paying for this. Not to pay the ransom, but to pay for the expense of recreating our computer system. We don’t have this kind of money budgeted and we are at the end of our fiscal year and heading into summer when money is already tighter.
She also said that the food bank is looking for assistance from individuals who'd be willing to volunteer their time and skills recreating forms and spreadsheets either remotely or in the office. Furthermore, she revealed that the food bank would benefit from volunteers who are willing to help move boxes. Those interested in helping the Auburn Food Bank can contact its office directly at (253) 833-8925. This attack highlights the importance of organizations taking steps to prevent a ransomware infection. Towards this goal, they should back up their systems on a regular basis and patch their software of known software vulnerabilities. They can also follow these additional tips.
