Ransomware attack targets GitHub accounts; erases their code repositories
A hacking campaign against GitHub accounts is erasing the code repositories inside them and then demanding a ransom, payable in bitcoin, from the account holders. The hackers claim to have downloaded all of the source code and saved it on a server under their control. They threaten the account holders that the code will either be published online, free for everyone, or be used for the hackers' own purposes.
The hack is said to have struck 392 or more separate GitHub repositories, overwriting them with a ransom note that demands 0.1 BTC (equivalent to USD 558) along with an e-mail confirming that the payment has been made. The attack has apparently also struck code repositories on other GitHub-like services such as GitLab and Bitbucket. During the attack, code is reportedly deleted from the repositories after the attackers gain access to accounts protected by weak passwords, or by using credentials exposed from other services.
Atlassian security researcher Jeremy Galloway told Motherboard in an online chat that his organization had seen many users' repositories fall victim to the attacks. Galloway, of Atlassian, which owns Bitbucket, said he counted no fewer than 1,000 victims based on online reports and internal numbers. That victim count appears credible given that a search of GitHub for the hackers' bitcoin address returned 392 projects. According to Bitbucket, it would restore impacted repositories soon, while one victim said he was able to restore his impacted code by accessing a particular commit's hash. www.cryptoglobe.com posted this on May 5, 2019.
GitLab's security director Kathy Wang said they started an investigation immediately. They identified the impacted user accounts and notified all of them. The investigation strongly indicated that the compromised accounts had their account passwords stored on a deployment of an associated repository. The passwords were stored in plaintext, Wang said.
Presumably, no ransom has been paid into the hackers' bitcoin address, since its total balance shows 0.0005 BTC. GitHub and the other services have advised their users to enable two-factor authentication to stay protected.
» SPAMfighter News - 5/9/2019