Hackers are using a radical new approach to blackmail victims of their ransomware into paying a decryption fee. The new strategy is to encrypt developer repositories on popular services like GitHub and BitBucket by breaking into the accounts and using file-processing code to make the data inaccessible. The approach is potent because most of the code kept in private repositories may be valuable, so the account holders may be much more likely to pay the decryption sum.
GitHub and BitBucket Targeted By Hackers and Their Ransomware
Computer criminals constantly change their tactics in order to blackmail users and receive payment in return. The most popular example is ransomware: viruses that encrypt target user data and make the victims pay the hackers a “decryption” fee. The criminals are now attacking code repositories rather than individual computers and networks. Incidents have been reported on the most popular platforms, GitHub and BitBucket, where the criminals break into the accounts and process the files.
Several victims have already posted about this in various online communities, which confirms that this is a prevalent hacking strategy. A dangerous scenario is one where private projects are affected, which can result in serious financial losses for the project owners if they do not have backups of the code. Often in these cases the criminals behind the attacks will not restore access to the code and may even use it for their own purposes. If the code is deemed to be of high quality, it can be sold on the dark underground markets or to competitors.
One of the hacked repositories includes the following message:
To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) [around $590] to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at firstname.lastname@example.org with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next ten Days, we will make your code public or use them otherwise
We will update the article with new information when it becomes available.