Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code • The Register

Programmers say they’ve been hit by ransomware that seemingly wipes their Git repositories’ commits and replaces them with a ransom note demanding Bitcoin.

An unusual high number of developers have griped online about the effects of the software nasty, with at least two reports seen by El Reg referencing the freeware Sourcetree GUI for Git, made by Atlassian.

“So I was done fixing a bug tonight. I was using sourcetree to push the changes, as soon as I clicked the commit button my laptop freezed (it usually freezes so im not sure if it was due to malware or the usual one) and i immediately restarted it by long pressing the power button,” posted one person on Reddit.

The netizen added that the ransom note they received referenced gitsbackup[dot]com, and demanded about $560 in crypto-currency to un-fsck the repo.

Another posted on Stack Exchange: “One of my repos was wiped today and just a message left in its place with a bitcoin ransom. I’ve no idea how they accessed my account, can’t really see anything on github security page.”

The user added: “I’m at a bit of a loss just now as what to do, 2 factor has been turned on in github, the main server where the code was used. I’ve removed unused scripts etc changed passwords, currently building a new server droplet and moving everything as a precaution in case the server was accessed.”

A third, Stefan Gabos, wrote on Stackexchange: “I was working on a project and suddenly all the commits disappeared and were replaced with a single text file.”

That file, consistently across all the posts seen by The Register, reads:

To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin[at]gitsbackup[dot]com with your Git login and a Proof of Payment. If you are…

Source Link