Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Attackers delete GitHub, GitLab, and Bitbucket repositories and replace with ransom notes

Attackers delete GitHub, GitLab, and Bitbucket repositories and replace with ransom notes

  • A GitHub search revealed almost 400 Github repositories that have been targeted in this manner.
  • According to BitcoinAbuse.com, there have been 27 abuse reports and all the abuse reports include the same ransom note.

What is the issue?

Attackers have targeted GitHub, GitLab, and Bitbucket users by replacing the code and commits from the victims’ Git repositories and leaving a ransom note that demands a ransom payment of 0.1 Bitcoin (~$570).

Why it matters?

The ransom note threatens victims to make the code public if they do not pay the ransom amount within 10 days.

“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we don’t receive your payment in the next 10 Days, we will make your code public or use them otherwise,” the ransom note read.

How many repositories targeted?

  • A GitHub search revealed almost 400 Github repositories that have been targeted.
  • According to BitcoinAbuse.com, there have been 27 abuse reports and all the abuse reports include the same ransom note.
  • Meanwhile, the attackers’ bitcoin address has received a single transaction of 0.00052525 BTC ($2.99) on May 3, 2019.

What is the response so far?

Kathy Wang, Director of Security at GitLab, said that they conducted an investigation and found out that compromised accounts have passwords being stored in plaintext on the deployment of a related repository. Wang also said that they have identified the affected user accounts and are notifying them.

“We strongly encourage the use of password management tools to store passwords in a more secure manner, and enabling two-factor authentication wherever possible, both of which would have prevented this issue,” Wang said.

Meanwhile, in a security advisory, Bitbucket noted that “a third party accessed your repository by using the correct username and password for one of the users with permission to access your repository.”

Bitbucket has taken the following steps to prevent further malicious activity:

  • It has reset passwords for the compromised accounts.
  • It is working closely with the law enforcement authorities and has taken steps to restore the compromised repositories.
  • It has requested its users to reset all other passwords associated with the Bitbucket account and to enable two-factor authentication on the Bitbucket account.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket