Cyber Incident Victim: Auburn Food Bank
Date:
Jun 2019
Location:
United States of America
Summary
A nonprofit food distribution organization in Washington state suffered a ransomware attack attributed to GlobeImposter 2.0, which encrypted nearly all network systems during off-hours. The attackers demanded payment in bitcoin for decryption keys, though the organization refused to engage with the criminals and instead wiped all infected devices including email servers, opting to rebuild their infrastructure. This resulted in an estimated $8,000 replacement cost for compromised equipment, creating financial strain as the charity lacked dedicated funds for such expenses. The incident disrupted operations, necessitating recreation of digital documents and forms. The organization sought public assistance through monetary donations and volunteer support to reconstruct their systems and restore services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 5, 2019, at approximately 2:00 AM, Auburn Food Bank in King County, Washington, experienced a ransomware attack that encrypted all computers on its network. The attack occurred when no staff were present in the office. The ransomware strain was identified as GlobeImposter 2.0, which typically infiltrates systems through affiliate distributors and lacks publicly available decryption tools. The malware rendered all networked devices inoperable except for one machine that remained unaffected, allowing the organization to continue limited charity operations. Auburn Food Bank Director Debbie Christian confirmed the nonprofit did not engage with the attackers to determine the ransom amount, which historically ranged up to 1.2 bitcoins (~$9,500 at the time), as GlobeImposter operators frequently reneged on decryption promises after payment. The organization opted to wipe all compromised systems, including their email server, rather than negotiate with the threat actors. No method of initial network compromise was disclosed. Recovery efforts focused on rebuilding the network infrastructure and restoring lost files through manual recreation.
The incident disrupted Auburn Food Bank’s operations, which provide free food distribution to families within the Auburn School District boundaries. Financial impacts included an estimated $8,000 in equipment replacement costs, a significant burden given the nonprofit’s constrained budget at the end of its fiscal year. To offset expenses, the organization solicited public donations through a Network for Good platform, accepting one-time or recurring contributions with optional anonymity. Additionally, volunteers were sought to assist with recreating operational documents—primarily Word and Excel forms—either on-site or remotely via thumb drives. Christian emphasized that summer typically strained resources further, compounding the urgency of rebuilding IT capabilities without diverting funds from core charitable activities. The food bank provided a contact number (253-833-8925) for coordination of volunteer support, maintaining service continuity through the single unaffected workstation during recovery.