Mystery Git ransomware seems to blank commits, asks for Bitcoin to retrieve the code • The Register




Programmers say they've been hit by ransomware that apparently wipes commits from their Git repositories and replaces them with a ransom note demanding Bitcoin.

An unusual number of developers have gone online to report the harmful effects of the software, with at least two reports seen by El Reg referencing Sourcetree, the free graphical interface for Git made by Atlassian.

The repositories concerned are hosted on a number of platforms, from GitHub and GitLab to Bitbucket. It is therefore likely that the malicious program is hitting poorly secured repositories rather than exploiting a particular vulnerability.

At a minimum, make sure your repositories are protected with multi-factor authentication and do not leave access tokens or passwords in public configuration files.

"So I finished fixing a bug tonight," posted a victim on Reddit this week.

"I used sourcetree to apply the changes. As soon as I clicked the validation button, my laptop is stuck (it usually hangs, so I'm not sure whether it is a malicious software or the usual one) and I immediately restarted it by pressing long button."

The user added that the ransom note he had received referred to[dot]com, and required about $560 in cryptocurrency to de-fsck the repo.

Another post on Stack Exchange: "One of my deposits has been erased today and there is only one message left in its place with a ransom in bitcoins. I do not know how they accessed my they really can not see anything on the github security page."

The user added: "I'm a little lost now that I have to do it, 2 factors have been enabled in github, the main server on which the code was used, I've deleted unused scripts, etc. the changed passwords, currently build a new server droplet and move everything as a precaution in case the server is accessed."

A third, Stefan Gabos, wrote on Stack Exchange: "I was working on a project and suddenly all the commits disappeared and were replaced by a single text file."

This file, consistent across all the posts seen by The Register, read:

To recover your lost code and avoid any leaks: send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email at admin address[at]gitsbackup[dot]com with your Git ID and proof of payment. If you do not know if we have your data, contact us and we will send you a proof. Your code is downloaded and saved on our servers. If we do not receive your payment within the next 10 days, we will return your code or otherwise use it.

Gabos added that he "was using SourceTree, but I doubt that either it or my system (Windows 10) has been compromised. I'm not saying it's not that, it's just that I doubt it." He told El Reg he uses the most recent version of Sourcetree (3.1.3), which was updated today from the previous version. The changelog is here.

Gabos added on Stack Exchange that his code does not seem to have completely gone, because accessing his commit by its hash had worked, concluding as follows: "The code is there but there is something wrong with HEAD." He went on to note that git reflog "show all my commits", updating his post as he learns more in his quest to recover his commits. In one edit, he added:

Atlassian, maker of Sourcetree, had not responded to The Register's inquiries at the time of publication. Check back for updates to this article to learn how to recover your repositories if they are wiped by the ransomware. ®
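
The recovery path Gabos describes (commits still reachable by hash, with git reflog listing them) can be sketched as follows. This is an added example, not code from the article, from Gabos or from Atlassian; it assumes the local clone's objects and reflog survived, and the throwaway repo, the file names and the branch name rescue-before-wipe are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data; repo, file and branch names are assumptions.

# Build a throwaway repo, then simulate the wipe: HEAD is moved to a parentless
# commit whose tree holds only a note file. Prints the last real commit hash.
make_wiped_repo() {
  repo=$1
  git init -q "$repo" || return 1
  git -C "$repo" config user.name dev
  git -C "$repo" config user.email dev@example.invalid
  echo 'v1' > "$repo/app.c"
  git -C "$repo" add app.c && git -C "$repo" commit -q -m 'initial' || return 1
  echo 'v2' > "$repo/app.c"
  git -C "$repo" commit -q -am 'fix bug' || return 1
  good=$(git -C "$repo" rev-parse HEAD)
  blob=$(echo 'constructed note' | git -C "$repo" hash-object -w --stdin)
  tree=$(printf '100644 blob %s\tNOTE.txt\n' "$blob" | git -C "$repo" mktree)
  note=$(git -C "$repo" commit-tree "$tree" -m 'note')
  git -C "$repo" reset -q --hard "$note" || return 1
  echo "$good"
}

# Walk HEAD's reflog newest-first and print the first commit whose tree
# differs from the tree HEAD points at now (the note-only state).
last_good_commit() {
  repo=$1
  wiped_tree=$(git -C "$repo" rev-parse 'HEAD^{tree}') || return 1
  git -C "$repo" reflog show --format=%H HEAD | while read -r sha; do
    tree=$(git -C "$repo" rev-parse "$sha^{tree}")
    if [ "$tree" != "$wiped_tree" ]; then echo "$sha"; break; fi
  done
}

# Pin that commit on a new branch without moving HEAD or touching the working
# tree, so the wiped state is preserved for later investigation.
rescue() {
  repo=$1
  sha=$(last_good_commit "$repo")
  [ -n "$sha" ] || { echo 'reflog holds no earlier state' >&2; return 1; }
  git -C "$repo" branch rescue-before-wipe "$sha" >/dev/null && echo "$sha"
}

demo() {
  dir=$(mktemp -d) || return 1
  make_wiped_repo "$dir/repo" >/dev/null || return 1
  echo "rescued: $(rescue "$dir/repo")"
  git -C "$dir/repo" show rescue-before-wipe:app.c   # prints v2
  rm -rf "$dir"
}
demo
```

The reflog is local to each clone and its entries expire over time, so pin the commit on a branch before running any garbage collection.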
