Git repositories Ransomware [SANS news]


FYI from the SANS NewsBites Vol. 21 Num. 036 (tech security newsletter):

Quote

Git Ransomware 
Hackers have been infecting code repositories with ransomware, wiping code and commits and replacing them with a text file ransom demand for Bitcoin. The hackers have targeted users on GitHub, GitLab, and Bitbucket. It is not clear how the attackers gained access to the accounts.
 
Read more in:
- www.theregister.co.uk: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
- www.bleepingcomputer.com: Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes
- www.vice.com: Someone Is Hacking GitHub Repositories and Holding Code Ransom

 

 

Edited by Azazello
Link to comment

And this is why you should have a text backup of all the produced content that you make... not that I own that, as I also don't have one for the MMFAQs I made... but next time, we won't know any better, either. Such a life.

Link to comment

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

Link to comment

I agree with all:

Some people either get too complacent or too lazy to mirror their code bases on :gasp: their own storage, especially the non-commercial repo user.

But we can't ignore the fact that the security of these hosting sites - GitHub in particular - is presumed by their users to be as good as or better than a person's hard drive. I mean, it's not like many developers have lost literally years' worth of work from a HD crash, ahaha-- Oh wait...

 

On 5/11/2019 at 4:39 AM, lynx said:

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

Git certainly is, but GitHub and those other services are code hosting sites - says so right on the package.

GitHub makes its bread&butter from providing hosting services to money-paying, commercial|corporate users -- all before Microsoft invested in, bought them. This kind of breach better not have happened with those users...

Most non-paying users who haven't saved locally are safe in that their hosted code base has probably been forked anyway, already, so somebody in the world can provide a copy of that.

I wonder how much GitHub charges if you asked them to provide a restore from their backups, hmm...

Link to comment

You're missing the point of git — all history is preserved, so even force pushes can be undone. Of course, if you rely on just the browser to interact with your repos, then you're already using a very limited subset of the power and safety git offers.

Link to comment
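
The recovery the replies above refer to, as an added example that is not part of the original thread: a hosted branch is overwritten by a force push, and a local clone's reflog is used to put the original history back. All repositories, file names and the overwritten content are constructed in a temporary directory; the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Everything runs in throwaway repos under a temp directory;
# repo names, file names and commit messages are constructed for the demo.
set -eu
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

new_repo() {                      # $1 = path; start on branch "main"
  g init -q "$1"
  g -C "$1" symbolic-ref HEAD refs/heads/main
}

commit_file() {                   # $1 = repo, $2 = file, $3 = content
  printf '%s\n' "$3" > "$1/$2"
  g -C "$1" add "$2"
  g -C "$1" commit -q -m "update $2"
}

setup_and_wipe() {
  WORK=$(mktemp -d)
  g init -q --bare "$WORK/origin.git"          # stands in for the hosted repo
  new_repo "$WORK/dev"                         # the developer's local clone
  commit_file "$WORK/dev" app.py 'print("v1")'
  commit_file "$WORK/dev" app.py 'print("v2")'
  g -C "$WORK/dev" remote add origin "$WORK/origin.git"
  g -C "$WORK/dev" push -q origin main
  GOOD=$(g -C "$WORK/dev" rev-parse main)
  # Constructed incident: unrelated history force-pushed over main.
  new_repo "$WORK/other"
  commit_file "$WORK/other" NOTE.txt 'constructed placeholder note'
  g -C "$WORK/other" push -q --force "$WORK/origin.git" main
  # Worst case for the developer: they fetch and reset onto the wiped branch.
  g -C "$WORK/dev" fetch -q origin
  g -C "$WORK/dev" reset -q --hard origin/main
}

recover() {
  # Both reflogs in the clone still name the pre-wipe commit.
  FROM_LOCAL=$(g -C "$WORK/dev" rev-parse 'main@{1}')
  FROM_TRACKING=$(g -C "$WORK/dev" rev-parse 'origin/main@{1}')
  g -C "$WORK/dev" reset -q --hard "$FROM_LOCAL"
  g -C "$WORK/dev" push -q --force origin main  # put the real history back
  RESTORED=$(g -C "$WORK/origin.git" rev-parse main)
}

setup_and_wipe
recover
echo "pre-wipe $GOOD, restored $RESTORED"
```

This only works from a clone that fetched the history before the wipe, and reflog entries are pruned over time (`gc.reflogExpire`, 90 days by default; `gc.reflogExpireUnreachable`, 30 days), so it does not replace a separate backup.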
