.png "back to home page")
Some suggested the hacker is using an exploit in SourceTree, a Git GUI app for Mac and Windows made by Atlassian.
— Catalin Cimpanu (@campuscodi) May 3, 2019
Now, someone says Atlassian is notifying users of failed login attempts from suspicious IP addresses.
To be fair, this is the only report I've seen. pic.twitter.com/NcNdVraNkz
Ransom reported across Git hosting services --GitHub, Bitbucket, and GitLab.
— Catalin Cimpanu (@campuscodi) May 3, 2019
Ok... up the victim count to hundreds, not just 27.
This seems like a very well orchestrated attack.https://t.co/cy8lPFCrpQ pic.twitter.com/YINebPbCk8
Ive also received an email from GitLab confirming @bad_packets' tweet that the hacker scanned the internet for Git configs and then used logins it found inside to access accounts on Git-hosing sites like GitHub/GitLab/Bitbuckethttps://t.co/FriNkOcPnP pic.twitter.com/QrHfk2isVf
— Catalin Cimpanu (@campuscodi) May 3, 2019
Please enable 2FA for your Git platforms and enforce it for all users of a group. https://t.co/p5TwaWHqoD
— Daniel Ruf (@DanielRufde) May 3, 2019
He's asking for bitcoins or he'll make the code PUBLIC.
— Rob Thomas (@xrobau) May 3, 2019
Per StackExchange, attacker doesn't appear to delete commits, but only alters commit headers.
— Catalin Cimpanu (@campuscodi) May 3, 2019
There's a way to recover some repos. See link:https://t.co/HoPc85Qjh2 pic.twitter.com/F4qIgmx0ju
Hacker wipes Git repositories and asks for Bitcoin. Gives victim 10 days and threatens to release the code. 27 cases (and counting) reported already.https://t.co/0qzgLRBVIx pic.twitter.com/mz1JOkTxTG
— Catalin Cimpanu (@campuscodi) May 3, 2019
Per BitcoinAbuseDatabase, at least 27 cases have been reported already. Probably more.https://t.co/FHT3D8BFLl pic.twitter.com/PS74sw7dxh
— Catalin Cimpanu (@campuscodi) May 3, 2019
Here's the ransom note. No funds received (except a test) in the linked BTC address. pic.twitter.com/UZ0CY6gmoa
— Catalin Cimpanu (@campuscodi) May 3, 2019
Attack appears to have stopped. No new abuse reports or GitHub repos are popping uphttps://t.co/AF7txVdias
— Catalin Cimpanu (@campuscodi) May 3, 2019
Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes https://t.co/9ZQk1XuV5q
— The Cyber Security Hub (@TheCyberSecHub) May 3, 2019
Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code https://t.co/I1p5QeM6eW
— Nicolas Krassas (@Dinosn) May 3, 2019
New: someone is hacking into GitHub and BitBucket repositories and holding them for ransom.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) May 3, 2019
For now, there's hundreds fo victims, but the hackers haven't made any money. https://t.co/xiQysKppT8
Something something leaked credential stuffing something something silly buggers “wot no 2fa m8?”. Also why does github not do behavioural login analysis? https://t.co/8cN559uPom
— Daniel Cuthbert (@dcuthbert) May 3, 2019
Attack appears to have stopped. No new abuse reports or GitHub repos are popping uphttps://t.co/AF7txVdias
— Catalin Cimpanu (@campuscodi) May 3, 2019
A hacker is wiping Git repositories and asking for a ransom https://t.co/VykUVpPGr7
— Graham Cluley (@gcluley) May 3, 2019
A hacker is wiping Git repositories and asking for a ransom
— ᴉpᴉǝH (@winter_heidi) May 4, 2019
Hacker threatens to release the code if victims don't pay in 10 dayshttps://t.co/VnL1RHI89A
Some hacker is wiping Git repositories and asking for a ransom (ZDNet), https://t.co/kiPdi7p6R3
— ?? ??Ol' Dirty PCAP (@0x2AE) May 3, 2019
Hacker Wiping Github Repositories, Demanding Bitcoin Ransome https://t.co/P20Fi0BT7N
— Merkle Report (@merklereport) May 3, 2019
Per StackExchange, attacker doesn't appear to delete commits, but only alters commit headers.
— Catalin Cimpanu (@campuscodi) May 3, 2019
There's a way to recover some repos. See link:https://t.co/HoPc85Qjh2 pic.twitter.com/F4qIgmx0ju
One victim has claimed that the data is actually still in the repos but has an issue accessing it.https://t.co/OMDiEXfB7D pic.twitter.com/C06QMqopW6
— BleepingComputer (@BleepinComputer) May 3, 2019
Git repositories are being compromised by a hacker demanding a ransom in bitcoin #bitcoin #GitHub #GitLab https://t.co/qnkrrP2S9U pic.twitter.com/u63UZ1uZhZ
— Neowin (@NeowinFeed) May 4, 2019
RT @sectest9: RT @rtehrani: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code https://t.co/omWkMHem1K#Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #ni… pic.twitter.com/DvbUgQnAAM
— ACCOUNT CLOSED, CHECK PINNED (@RedTeamRUHacked) May 4, 2019
RT @agedchild003: RT @rtehrani: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code https://t.co/omWkMHem1K#Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii… pic.twitter.com/DvbUgQnAAM
— ACCOUNT CLOSED, CHECK PINNED (@RedTeamRUHacked) May 4, 2019
Someone Is Hacking GitHub Repositories and Holding Code Ransom - Motherboard https://t.co/0ZnCGPTDBr
— Philippe Vynckier (@PVynckier) May 4, 2019
Someone Is Hacking GitHub Repositories and Holding Code Ransom https://t.co/uX2eBP20bS
— Paolo Passeri (@paulsparrows) May 4, 2019
Some Git source code repositories, including at least 392 from GitHub, have been wiped and replaced with a ransom demand in a possible coordinated attack (Catalin Cimpanu/ZDNet) https://t.co/RdPcePY8Rj
— Chris Heilmann (@codepo8) May 4, 2019
So this is happening now. Everybody should secure their git credentials and enable 2fa. https://t.co/mJpSKaDlO9
— Hiranya Jayathilaka ?? (@hiranya911) May 4, 2019
Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes https://t.co/mXsp7fd8My
— Nicolas Krassas (@Dinosn) May 4, 2019
Attackers wiping Github and Gitlab repos leave ransom notes
— Elena @ ?☕?? (@Beelzenef_) May 4, 2019
¡Revisad vuestros repos! https://t.co/j3AbZ0TF5w
RT @rtehrani: Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code https://t.co/omWkMHem1K#Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra… pic.twitter.com/DvbUgQnAAM
— ACCOUNT CLOSED, CHECK PINNED (@RedTeamRUHacked) May 4, 2019
A hacker is wiping Git repositories and asking for a ransom https://t.co/DaET8TQ3iy#Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt #pii #nist #fcc #finra #hipaa #pci pic.twitter.com/7Vw1je1tCK
— Rich Tehrani (@rtehrani) May 4, 2019
A hacker is wiping Git repositories and asking for a ransom | ZDNet https://t.co/x60qTFMUEw
— おおはら (@ohhara_shiojiri) May 4, 2019
A hacker is wiping git repos and asking for ransoms to not release the code.
— eos design system (@eosdesignsystem) May 4, 2019
Open Source couldn't care less ?.#opensource #githttps://t.co/fXe4hutIuz
Woah guys!
— Princess Shuri ??? (@Empathic_Dev) May 4, 2019
https://t.co/TRY5JVjBw9
"all evidence suggests that the hacker has scanned the entire internet for Git config files, extracted credentials, and then used these logins to access and ransom accounts at Git hosting services"
A hacker is wiping Git repositories and asking for a ransom | ZDNet https://t.co/CTPF2vjwN3
— Kathy Reid in Canberra at #3AIFirstCohort (@KathyReid) May 4, 2019
A hacker is wiping Git repositories and asking for a ransom | ZDNet https://t.co/UsZ8I4ayyp@ChuckDBrooks @BentleyAudrey @JohnMaynardCPA @gvalan @mclynd @DrJDrooghaag @m49D4ch3lly @AlaricAloor @mirko_ross @DoD_CSIAC @clarinette02 @AlaricAloor @MHcommunicate
— Philippe Vynckier (@PVynckier) May 4, 2019
A hacker is wiping Git repositories and asking for a ransom https://t.co/7QEI6MlqDE
— Johan Moreau (@johan_moreau) May 4, 2019