If you're hosting code on a Git repository such as Microsoft's GitHub, you may have some bad news when you visit your projects today, According to a report by ZDNet, a hacker is attacking repositories by wiping all of their content and replacing the files with a single note that asks for a ransom in order to get their files back. The ransom value is 0.1 bitcoin, which is around $567 as of the time of writing.
The note further claims that the payment must be made within the next ten days, otherwise the code will be made available to the public or be "used otherwise". On GitHub alone, searching for the bitcoin address provided for the ransom payment reveals that at least 392 repositories have had their content replaced with the threatening note.
Thankfully, despite the demands, it seems like the "lost" content isn't actually deleted. Instead, the hacker is just changing commit headers for the repositories, meaning at least some of the files might be recoverable. If you'd like to try and attempt to recover your files, this post may help. Otherwise, getting in touch with support for the Git platform you're using may help you avoid the ransom payment.
Bitcoin and other cryptocurrencies have provided an avenue of monetization when leveraged by a number of security risks and threats, with malicious mining scripts becoming somewhat recurrent, in addition to ransomware. As to how these accounts were accessed in the first place, some users have reportedly admitted to using weak passwords or forgetting to remove access tokens for old devices, which could be a gateway for attackers to get in.
12 Comments - Add comment