A Hacker Wiping GitHub Code Repositories and demanding 0.1 Bitcoin to Recover

According to the search data on GitHub, a hacker recently invaded GitHub 392 code repository and deleted all source code. They replaced the source code with a ransom demand on Microsoft-owned GitHub. 0.1 bitcoin of ransom is demanded.

The hacker attacked the open source platform GitHub. Many users’ code repositories have been removed. According to report, the collected evidence suggests that the hacker has scanned the whole Internet for Git config files, extracted credentials, and then used these logins to access and take accounts at Git hosting services hostage for ransom. The hacker requires hundreds of developers to pay a ransom in order to restore their source codes.

The ransom message says, “To recover your lost code and avoid leaking it, send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email at admin@gitsbackup.com with your Git login and a proof of payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. “If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise.”

So far, people only can tracks the given Bitcoin addresses used for suspicious activity. There have been dozens of abuse reports for this address since the attacks. Evidence suggests that this Bitcoin address in a coordinated attack aimed at Git accounts. According to some victims, they used weak passwords on the platforms. Therefore, it is important use strong and unique passwords for every account. To avoid data and financial loss, you can install security software and password manager for solid protection. The useful tools can reduce your burden and keeps your precious data safe as well.