Git repositories wiped out & ransomed

Git is a distributed version control system that allows developers to track changes in source code during software development. Many services host Git for developers like GitHub, GitLab and so on. The news is that in a coordinated attack to these hosting services, attackers have removed all source code and recent commit. 

Git repositories wiped out & ransomed

Git repositories wiped out & ransomed

It has happened with hundreds of developers, and hackers have left a note asking for for a payment of 0.1 Bitcoin.  Once the payment is made, the hackers will re-upload all the source code. They have downloaded and stored in their servers, and the devs have ten days to pay, else the code will be made public. Here is the complete message:

To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.

How did it happen?

Its not about a weak password. The hacker has scanned for Git config files and collected all the passwords. He then used it to log in to Git hosting services and ransom the accounts.

The .git/config includes the remote URLs. Devs added username:password in it which should never be the case. It is without a doubt they should have used SSH, deploy keys or authenticate on each pull.

You can still recover without paying

According to Stefan Gabos@StackExchange, the code is not gone and is still there. When he tried accessing a commit’s has, it worked. The attacker has made a commit, and you can check that by executing the command git checkout origin/master.

In the same thread, Peter made a comment which makes it possible to get the complete code back. Here is what he says:

You get your local repository to look like you want it to be, then simply git push origin HEAD:master --force. You may have to unprotect the master branch to allow the forced push. It does not matter which branch you have checked out locally, or if you are detached. It will just forcefully make origin/master whatever your current HEAD is

Also, there is a live discussion going on at this thread if you want to ask some questions.

Posted by with Tags
Ashish is a veteran Windows, and Xbox user who excels in writing tips, tricks, and features on it to improve your day to day experience with your devices.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 1 =