Hackers are targeting large number of private git repositories and are demanding bitcoin to unlock it.
The news came to light, when a git user posted about this on reddit and stack Exchange. So, if you are using github and found your repository being empty all of sudden and found the below message (in a single text file), then you are affected by this ransomware .
The Message you might see..
To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at email@example.com with your Git login and a Proof of Payment.
If you had seen the above message, then you are likely to be affected but don't Panic ! your codes are not gone anywhere .
So, what is the cause/ what Security team says about this?
Though Github and its services are currently owned by Microsoft, the security team has found that there is no issue from their end, Meaning : They are saying, the accounts are accessed with the proper user name and password.
Here is the statement from Kathy Wang, the security director for GitLab.
“We have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository. We strongly encourage the use of password management tools to store passwords in a more secure manner,”
So, what to do now, if affected by ransomware demanding bitcoin ?
Luckily, a user from Stack Exchange has found solution to the above issue...
All you want to do is to run the following command as mentioned by Daniel from Security Exchange..
Use git push -u origin master -f && git push --tags -f from your local clone to push all references for master, tags and so on to the remote and then enable 2FA in your account.
If more branches are affected use git push -u --all -f
That's it, all your things will be restored.
You can read the complete post on this link.
Ransomware affects Git Repositories, here is how to restore your code without paying bitcoins
4/ 5Oleh Logesh