Git repositories Ransomware [SANS news]

[Azazello]

FYI from the SANS NewsBites Vol. 21 Num. 036 (tech security newsletter):

Quote

Git Ransomware 
Hackers have been infecting code repositories with ransomware, wiping code and commits and replacing them with a text file ransom demand for Bitcoin. The hackers have targeted users on GitHub, GitLab, and Bitbucket. It is not clear how the attackers gained access to the accounts.
 
Read more in:
- www.theregister.co.uk: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
- www.bleepingcomputer.com: Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes
- www.vice.com: Someone Is Hacking GitHub Repositories and Holding Code Ransom

 

 

Edited May 19, 2019 by Azazello

[Jarno Mikkola]

And this is why you should have a text backup of all the produced content that you make... not that I own that, as I also don't have one for the MMFAQs I made... but next time, we won't know any better, either. Such a life.

[lynx]

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

[AL|EN]

Well, if you store password using plain text (GitLab response), or compromise it (Github response) it's not surprise that somebody could do whatever he want to you repos.

[Azazello]

I agree with all:

Some people either get too complacent or too lazy to mirror their code bases on :gasp: their own storage, especially the non-commercial repo user.

But we can't ignore the fact that the security of these hosting sites - GitHub in particularly - is presumed by their users to be as good as or better than a person's harddrive. I mean, it's not like many developers have lost literally years worth of work from a HD crash, ahaha-- Oh wait...

 

On 5/11/2019 at 4:39 AM, lynx said:

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

Git certainly is, but GitHub and those other services are code hosting sites - says so right on the package.

GitHub make its bread&butter from providing hosting services to money-paying, commercial|corporate users -- all before Microsoft invested in, bought them. This kind of breach better not have happened with those users...

Most non-paying users who haven't saved locally are safe in that their hosted code base has probably been forked anyway, already, so somebody in the world can provide a copy of that.

I wonder how much GitHub charges if you asked them to provide a restore from their backups, hmm...

[lynx]

You're missing the point of git — all history is preserved, so even force pushes can be undone. Of course, if you rely on just the browser to interact with your repos, then you're already using a very limited subset of the power and safety git offers.

[Azazello]

I'm not missing the point - and you just made mine -- casual users of the service aren't using those features.

Edited May 13, 2019 by Azazello

[Mike1072]

Everything on GitHub revolves around using git.  Where are you getting your stats on these casual users?

[Grammarsalad]

https://github.blog/2019-05-14-git-ransom-campaign-incident-report/

[Azazello]

Who changed the title of this thread? And why?

[CamDawg]

Looks like Mike merged threads, and it took the title from Grammarsalad's thread.

[Mike1072]

Wow, that's weird.

[Azazello]

so...?

ok, I changed it back.