According to today’s hackers, your code can be worthy of Bitcoins, 0.1 bitcoin to be exact. Just a couple of hours ago, in the wee hours of Friday, ZDNet issued alarming news. A collective attack on Git hosting services (GitHub, GitLab, Bitbucket) affected hundreds of GitHub repositories. These repositories were wiped, and identical ransom notes were left for the desperate coders.
The hackers claim to have stored the code on their servers and promised to release it back in turn for 0.1 Bitcoin per repository. The victims were given a deadline for ten days or their code will be made public!
According to GitHub search at least 392 GitHub repositories had been ransomed. Few victims have admitted having used weak passwords, however, shreds of evidence point out that the hacker has scanned the internet thoroughly for Git config files and used the credentials to access the Git hosting services for the ransomed accounts.
Kathy Wang, the Director of Security for GitLab confirmed to ZDNet that weak passwords must be the root cause.
“As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on the deployment of a related repository.”
Prominent figures in the tech industry have reached out to the panic-stricken victims to contact Git or Bitbucket for their support as they are already investigating the matter and not to give in to the hackers. This was further confirmed by the members of StackExchange Security that the code must have been altered and in some cases, the version control can help in recovering the code without ransom.