On the large code hosting platforms Bitbucket, GitHub and GitLab, attackers have taken over several, mainly private, repositories, deleted their contents and left a demand for a kind of ransom payment. In this particular type of ransomware attack, affected users who fail to respond to the demand are threatened with publication of their code.
Developers have reported such incidents on platforms such as Reddit and Stack Exchange. Some have also turned to media such as the British IT magazine The Register. A search on GitHub for the blackmailers' bitcoin address currently still returns more than 300 entries.
The fact that the attackers were able to take over the repositories suggests that they had access to the developers' login data. This data could, for example, come from attacks on other services, provided the users reused their credentials there.
However, it is also likely that the attackers obtained the data from exposed .git directories that were directly accessible via URLs. As has been known for years, security problems can arise if access data for the repository is stored in configuration files in those directories.
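The check below is an added example, not code from the article or from GitLab: it walks a directory tree such as a deployed web root, reads each .git/config it finds and reports remote URLs that carry embedded credentials, with the secret redacted. The function names, the sample config, the host name and the token are all constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

SECTION = re.compile(r'^\s*\[(.+?)\]\s*$')
URL_KEY = re.compile(r'^\s*(url|pushurl)\s*=\s*(\S+)', re.IGNORECASE)

def find_embedded_credentials(config_text):
    """Return (section, key, redacted_url) for each URL carrying a secret."""
    findings, section = [], ""
    for line in config_text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = URL_KEY.match(line)
        if not m:
            continue
        parts = urlsplit(m.group(2))
        # Heuristic: user:password@host, or a bare user field (often a token) over HTTP(S).
        if parts.password or (parts.username and parts.scheme in ("http", "https")):
            host = parts.hostname or ""
            redacted = f"{parts.scheme}://<redacted>@{host}{parts.path}"
            findings.append((section, m.group(1).lower(), redacted))
    return findings

def scan_tree(root):
    """Walk root (e.g. a deployed web root) and check every .git/config found."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" in dirnames:
            cfg = os.path.join(dirpath, ".git", "config")
            if os.path.isfile(cfg):
                with open(cfg, encoding="utf-8", errors="replace") as fh:
                    hits = find_embedded_credentials(fh.read())
                if hits:
                    results[cfg] = hits
            dirnames.remove(".git")  # do not descend into object storage
    return results

# Constructed sample config; the host, user and token are made up.
SAMPLE = '''[remote "origin"]
	url = https://deploy-bot:EXAMPLE-TOKEN@git.example.com/team/app.git
[remote "backup"]
	url = git@git.example.com:team/app.git
'''

if __name__ == "__main__":
    print(find_embedded_credentials(SAMPLE))
```

Any hit means the credential should be rotated and the remote switched to an SSH key or a credential helper; a .git directory inside a served web root is a finding in itself even when its config is clean.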
In an analysis, the operator GitLab therefore points to using other access methods for the repositories, such as SSH keys. Similarly, users of the services should enable two-factor authentication (2FA). In addition, since Git is a distributed version control system, the code itself should not be lost, but can be restored from a local copy. GitLab also provides details on its blog.