When Microsoft acquired GitHub, it probably didn’t take into account that perhaps one day it will need to pay ransom fees in addition to the $7.5 million acquisition, but that’s apparently how at least some attackers feel about the situation.
GitHub, GitLab, and Bitbucket are three websites that have recently been targeted by ransomware attackers. The malicious codes had targeted select users on each of the three domains, by wiping code from their accounts and leaving behind a ransom note, that will need to be paid before the users were able to get their data back.
These attacks have hit full user repositories, meaning that there will be a lot of code that cannot be retrieved without payment, if the attackers are true to their word.
Details are scarce on how the attackers were able to get access to the accounts. The connection between GitHub and GitLab is seemingly in the “Git” part of the name, as they are connected to the same Git-repository.
Those compromised were said to be using the cross-platform SourceTree free Git client before the attacks occurred.
One user’s ransom note reportedly asked for 0.1 BTC, which today is roughly $568 in US currency.
To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at firstname.lastname@example.org with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don’t receive your payment in the next 10 Days, we will make your code public or use them otherwise.
It’s widely believed the reason for BitCoin maintaining a plausible existence is for black market payments because of the currencie’s ability to hide transactions. Thus, BitCoin also makes payments appealing for thieves and criminals, like those behind Ransomware attacks.