A hacker is wiping Git repositories

Unread post by John connor » 2019-05-04, 02:44

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).


https://www.zdnet.com/article/a-hacker- ... -a-ransom/

Heads up: Ongoing attacks against Github

Unread post by Walter Dnes » 2019-05-04, 07:15

https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/
Hundreds of developers have had had (sic) Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today (May 3), appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).

I assume that the devs have some form of offsite backup.

There's a right way
There's a wrong way
And then there's my way

Re: Heads up: Ongoing attacks against Github

Unread post by adesh » 2019-05-04, 07:21

UXP and related repositories seem to be up. No issues here!

Duplicate - viewtopic.php?f=4&t=22011

Re: Heads up: Ongoing attacks against Github

Unread post by New Tobin Paradigm » 2019-05-04, 08:16

If you read the article, people were scraping webservers for plaintext configuration of otherwise private repositories with passwords. So, that is what this is. Since we don't normally use private repositories and we don't have any where our git credentials would be except on our local systems, we are pretty well in the clear. However, it may be a good idea for you and anyone who has access to your shit to change their passwords.
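
An added example, not part of the thread or the linked article: a Python check a repository owner could run over a web root or checkout directory to find Git config files that keep a password inside a remote URL, the kind of plaintext configuration the post above refers to. The sample config, host name, user and token are constructed, and the function names are this example's own.

```python
import os
import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config; host, user and token are made up.
SAMPLE = '''[remote "origin"]
    url = https://deploy:CONSTRUCTED-TOKEN@git.example.com/team/app.git
[remote "mirror"]
    url = git@git.example.com:team/app.git
'''

SECTION_RE = re.compile(r'^\s*\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]')
KEY_RE = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')


def find_embedded_credentials(config_text):
    """Return (remote, key, redacted_url) for each remote URL holding a password."""
    findings, section, remote = [], None, None
    for line in config_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section, remote = header.group(1).lower(), header.group(2)
            continue
        pair = KEY_RE.match(line)  # comment lines (# or ;) never match this pattern
        if not pair or section != "remote" or pair.group(1).lower() not in ("url", "pushurl"):
            continue
        parts = urlsplit(pair.group(2).strip('"'))
        if parts.password:  # user:password@host form; scp-style and plain URLs have none
            redacted = f"{parts.scheme}://{parts.username}:***@{parts.hostname}{parts.path}"
            findings.append((remote, pair.group(1).lower(), redacted))
    return findings


def scan_tree(root):
    """Check every .git/config below root; return {path: findings} for hits only."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git" and "config" in filenames:
            dirnames[:] = []  # skip objects/, refs/ and the rest of .git
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_embedded_credentials(fh.read())
            if hits:
                results[path] = hits
    return results


if __name__ == "__main__":
    print(find_embedded_credentials(SAMPLE))
```

Any hit means the credential should be rotated and the remote URL rewritten without it; the report prints only the redacted form so the scan output does not become another copy of the secret.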

Re: A hacker is wiping Git repositories

Unread post by Isengrim » 2019-05-04, 10:25

Also check your "authorized access list" or whatever it is on GitHub and clean up any permissions for apps/services you are no longer using.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

Re: A hacker is wiping Git repositories

Unread post by Moonchild » 2019-05-04, 12:18

I think the best way is to cycle everything regarding third party access.
Specifically, make sure to remove OAuth apps, revoke all access -- then change your password or update credentials, then re-authorize only those apps you are actively using.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Re: A hacker is wiping Git repositories

Unread post by RJARRRPCGP » 2019-05-04, 22:34

Speaking of hack attacks, I received a threatening E-mail in the Yahoo spam folder, telling me that it got my password and showed the password that was generated by me! IIRC, by that time, I wasn't even using that password on YouTube and I already had different passwords for others. IIRC, it also tried to get me to click, talking about there being a ransom or malware in general. The ransom part is fake, but the password theft was genuine!

For any web service that still even had that password used, for fear of me being punished for making a request to change the password, for any that I remembered using recently, there were off-the-chart emergency password changes!

I have already changed passwords way after that and the password affected was one I generated in 2008.

I probably started using different passwords in or closer to 2015. And due to fears of a hack attack, before I saw that E-mail, I already had new passwords in 2018.
