GitHub Hit by Hacker Holding Code Repositories for Ransom

Hackers have hit open source software development platform GitHub, removing code repositories and asking ransom from developers in order to restore their source codes.

According to a report in ZDNet late on Friday, hundreds of developers have had their source code repositories wiped and replaced with a ransom demand on Microsoft-owned GitHub.

"What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment in Bitcoins," the report added.

The hackers claim all source code has been downloaded and stored on one of their servers.

"To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address and contact us by email at admin@gitsbackup.com with your Git login and a proof of payment," read the ransom message.

"If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers.

"If we don't receive your payment in the next 10 days, we will make your code public or use them otherwise," the hackers' message read.

A GitHub search revealed that at least 392 GitHub repositories have been compromised.

Kathy Wang, Director of Security for GitLab, was quoted as saying that they immediately began investigation into the issue.

"We have identified affected user accounts and all of those users have been notified. As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository," Wang told ZDnet.

Jeremy Galloway, a security researcher at Atlassian, which owns BitBucket, told Motherboard that the company has seen a lot of users' repositories getting hit by these hackers.