Jump to content
Azazello

Git repositories Ransomware [SANS news]

Recommended Posts

Posted (edited)

FYI from the SANS NewsBites Vol. 21 Num. 036 (tech security newsletter):

Quote

Git Ransomware 
Hackers have been infecting code repositories with ransomware, wiping code and commits and replacing them with a text file ransom demand for Bitcoin. The hackers have targeted users on GitHub, GitLab, and Bitbucket. It is not clear how the attackers gained access to the accounts.
 
Read more in:
- www.theregister.co.uk: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
- www.bleepingcomputer.com: Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes
- www.vice.com: Someone Is Hacking GitHub Repositories and Holding Code Ransom

 

 

Edited by Azazello

Share this post


Link to post

And this is why you should have a text backup of all the produced content that you make... not that I own that, as I also don't have one for the MMFAQs I made... but next time, we won't know any better, either. Such a life.

Share this post


Link to post

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

Share this post


Link to post

Well, if you store password using plain text (GitLab response), or compromise it (Github response) it's not surprise that somebody could do whatever he want to you repos.

Share this post


Link to post

I agree with all:

Some people either get too complacent or too lazy to mirror their code bases on :gasp: their own storage, especially the non-commercial repo user.

But we can't ignore the fact that the security of these hosting sites - GitHub in particularly - is presumed by their users to be as good as or better than a person's harddrive. I mean, it's not like many developers have lost literally years worth of work from a HD crash, ahaha-- Oh wait...

 

On 5/11/2019 at 4:39 AM, lynx said:

Git is a versioning system, so they can't really hurt many authors — you have a local backup automatically. Breaches like this may look intimidating, but they're easy to undo.

Git certainly is, but GitHub and those other services are code hosting sites - says so right on the package.

GitHub make its bread&butter from providing hosting services to money-paying, commercial|corporate users -- all before Microsoft invested in, bought them. This kind of breach better not have happened with those users...

Most non-paying users who haven't saved locally are safe in that their hosted code base has probably been forked anyway, already, so somebody in the world can provide a copy of that.

I wonder how much GitHub charges if you asked them to provide a restore from their backups, hmm...

Share this post


Link to post

You're missing the point of git — all history is preserved, so even force pushes can be undone. Of course, if you rely on just the browser to interact with your repos, then you're already using a very limited subset of the power and safety git offers.

Share this post


Link to post
Posted (edited)

I'm not missing the point - and you just made mine -- casual users of the service aren't using those features.

Edited by Azazello

Share this post


Link to post

Everything on GitHub revolves around using git.  Where are you getting your stats on these casual users?

Share this post


Link to post

Who changed the title of this thread? And why?

Share this post


Link to post

Looks like Mike merged threads, and it took the title from Grammarsalad's thread.

Share this post


Link to post

so...?

ok, I changed it back.

Share this post


Link to post
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×