LIVE
Strive Purchased About 17.76 BTC Last WeekReport: Russia's Serbank to Launch Crypto Wallet by DecemberBitmine Adds 42,197 ETH in One Week, Total Holdings Reach 5.74M ETHSouth Korea Crypto Seizure Rules Start October 1Binance Suspends Crypto Trading Services in France Amid MiCA PressureSaylor Says Bitcoin's Next Decade Will Be Driven by Protocol StabilityAave Monad Market Surpasses $100M in Deposits Two Days After LaunchMichael Saylor Says Bitcoin Is Digital Energy in Telegram PostSolana's Alpenglow Upgrade Could Cut Finality to 100-150msMichael Saylor Says Hard Consensus Is Bitcoin's Immune System on TelegramStrive Purchased About 17.76 BTC Last WeekReport: Russia's Serbank to Launch Crypto Wallet by DecemberBitmine Adds 42,197 ETH in One Week, Total Holdings Reach 5.74M ETHSouth Korea Crypto Seizure Rules Start October 1Binance Suspends Crypto Trading Services in France Amid MiCA PressureSaylor Says Bitcoin's Next Decade Will Be Driven by Protocol StabilityAave Monad Market Surpasses $100M in Deposits Two Days After LaunchMichael Saylor Says Bitcoin Is Digital Energy in Telegram PostSolana's Alpenglow Upgrade Could Cut Finality to 100-150msMichael Saylor Says Hard Consensus Is Bitcoin's Immune System on Telegram
Homepage/News/Hundreds of Git Code Repositories Hacked! Bitcoin Ransom Demanded
NEWS

Hundreds of Git Code Repositories Hacked! Bitcoin Ransom Demanded

BY Anca Florentis·2 MIN READ·MAY 7, 2019

Hundreds of private Git code repositories have been hacked and wiped clean, with the attackers demanding ransom in crypto for the stole data.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
1Internal references connected to related coverage
4External source domains cited in the article
2 minEstimated time to read the full report

The hacker/ hackers have seemingly coordinated his attack to gain access to several hundred code repositories across Git hosting services GitHub, Bitbucket, and GitLab.

There is no clear information regarding how the attack was carried out, the only thing that is known is that all hacked source repositories have been swiped clean of their private code and that ransom note was left in their place.  The ransom note threatens to make the codes public if the victims fail to send the cryptocurrency ransom within ten days.

“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment,” the hacker or hackers said, according to a range of reports.

“If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don’t receive your payment in the next 10 Days, we will make your code public or use them otherwise.”

The current value of 0.1 Bitcoin is priced at around $584 USD, which can add up to a substantial ransom if you multiply it to the number of victims. A GitHub search has shown that at least 392 GitHub repositories have been wiped in this hack.

Some believe that the hack occurred as the victims had weak passwords for their GitHub, GitLab, and Bitbucket accounts, or they forgot to remove access tokens for unused apps.

But evidence indicates that the hacker scoured the entire internet for Git config files and used the credentials in them to log into the accounts.

There is an upside to this, though. The users from the StackExchange Security forum discovered that the hacker did not actually delete the codes, but just changed Git commit headers, which means that most of the affected repositories can be recovered.

SOURCE TRANSPARENCY
  • External Source - Referenced domain: github.com
  • External Source - Referenced domain: bitbucket.org
  • External Source - Referenced domain: about.gitlab.com
  • External Source - Referenced domain: security.stackexchange.com
  • Byline - Reported by Anca Florentis
  • Coverage Desk - Primary editorial category: News