Stories
Slash Boxes
Comments

SoylentNews is people

A Hacker is Wiping Git Repositories and Asking for a Ransom

posted by Fnord666 on Monday May 06 2019, @07:47AM   Printer-friendly
from the aren't-they-already-public? dept.

MrPlow writes:

Submitted via IRC for SoyCow0152

Hundreds of developers have had had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What it is known is that the hacker removes all source code and recent commits from vitcims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).

The hacker claims all source code has been downloaded and stored on one of their servers, and gives the victim ten days to pay the ransom; otherwise, they'll make the code public.

Source: https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/

Original Submission

 
This discussion has been archived. No new comments can be posted.
A Hacker is Wiping Git Repositories and Asking for a Ransom | Log In/Create an Account | Top | 20 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by Anonymous Coward on Monday May 06 2019, @08:44AM (2 children)

    by Anonymous Coward on Monday May 06 2019, @08:44AM (#839550)

    so I understand the bit about closed-source code being made public, that means they got unauthorized access to your data.
    but why would anyone care about them "deleting" the online repository? git is decentralized. If you have a local clone, you have everything already, and you are supposed to have backups of your local clone anyway (since you're supposed to have backups of your home folder).

    Starting Score:    0  points
    Moderation   +5  
       Insightful=2, Informative=3, Total=5
    Extra 'Informative' Modifier   0  
    Total Score:   5  

  • (Score: 3, Insightful) by darkfeline on Tuesday May 07 2019, @03:34AM (1 child)

    by darkfeline (1030) on Tuesday May 07 2019, @03:34AM (#839988) Homepage

    So they actually notice the ransom note.

    I wouldn't be surprised if this started out with the attacker dropping a file in the repository, then noticing he got back zero responses within the deadline.

    The kind of company that would get hit by this attack probably wouldn't notice a benign "Add ransom note" commit; just git pull; git push, business as usual.

    Now, deleting the entire repo, it's be kinda hard not to notice that.

    --
    Join the SDF Public Access UNIX System today!

    • (Score: 1, Troll) by realDonaldTrump on Tuesday May 07 2019, @05:55AM

      by realDonaldTrump (6614) on Tuesday May 07 2019, @05:55AM (#840021) Homepage Journal

      This one is massive Clickbate. Article says they "remove." WRONG. Because, Aricle also says they DO NOT DELETE. At BOTTOM of Article. It even has Link -- how to Recovery!!!!