The hacker/ hackers have seemingly coordinated his attack to gain access to several hundred code repositories across Git hosting services GitHub, Bitbucket, and GitLab.
There is no clear information regarding how the attack was carried out, the only thing that is known is that all hacked source repositories have been swiped clean of their private code and that ransom note was left in their place. The ransom note threatens to make the codes public if the victims fail to send the cryptocurrency ransom within ten days.
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment,” the hacker or hackers said, according to a range of reports.
“If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don’t receive your payment in the next 10 Days, we will make your code public or use them otherwise.”
The current value of 0.1 Bitcoin is priced at around $584 USD, which can add up to a substantial ransom if you multiply it to the number of victims. A GitHub search has shown that at least 392 GitHub repositories have been wiped in this hack.
Some believe that the hack occurred as the victims had weak passwords for their GitHub, GitLab, and Bitbucket accounts, or they forgot to remove access tokens for unused apps.
But evidence indicates that the hacker scoured the entire internet for Git config files and used the credentials in them to log into the accounts.
There is an upside to this, though. The users from the StackExchange Security forum discovered that the hacker did not actually delete the codes, but just changed Git commit headers, which means that most of the affected repositories can be recovered.