Hackers demanding bitcoin payments for code held hostage from GitHub and GitLab

Hackers are demanding bitcoin payments in exchange for code that they have extracted from GitHub, GitLab, and Bitbucket repositories, through ransom notes that they have left behind for their victims.

Hackers have removed all the source code from the repositories and left in its place a ransom note that demands 0.1 bitcoin, which is equivalent to about $570. The hackers claim to be willing to send proof that they are indeed holding the code hostage, backed up on their own servers.

“If we don’t receive your payment in the next 10 days, we will make your code public or use them otherwise,” the hackers wrote to end the ransom note.

There were a total of 392 GitHub repositories that had their commits and code wiped out by an account named gitbackup, which was created seven years ago on January 25, 2012, according to Bleeping Computer. So far, none of the victims have succumbed and paid the ransom to the hackers, which is good as there is no assurance that the code will indeed be returned.

It remains unclear how the hacker or hackers are gaining access to the repositories to wipe out the stored code and leave behind the ransom note. One user received a response from Atlassian, the company behind Bitbucket and the cross-platform free Git client SourceTree, regarding an attempted breach.

“Within the past few hours, we detected and blocked an attempt — from a suspicious IP address — to log in with your Atlassian account. We believe that someone used a list of login details stolen from third-party services in an attempt to access multiple accounts,” Atlassian told the user.

According to investigations by GitHub, in cooperation with the security teams of other affected companies, there was no evidence that the authentication systems of the repositories were compromised. It appears that the account credentials of the victims were acquired by hackers from third-party exposures, which is one of the risks of using a username and password in more than one service.

GitHub recommends that its customers use two-factor authentication, in conjunction with strong passwords, for better protection. However, one victim said that the hackers were still able to gain access even with two-factor authentication enabled, suggesting a vulnerability within GitHub’s systems.

Aaron Mamiit