Hackers are trying a novel approach to extort money from developers.
This new attack is a little different; however, it’s unclear how successful it will be, since one victim has claimed to have found a way to recover their code without paying the ransom.
The hackers are breaking into code repositories hosted on GitHub, one of the world’s largest software development platforms, and BitBucket, a similar service owned by Atlassian.
GitHub did not immediately respond to a request for comment.
On Thursday, a Reddit user wrote a post warning about the attack, saying his repository got hacked and his code removed. The intruder left a message:
“To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) [around $590] to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at email@example.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next ten Days, we will make your code public or use them otherwise.”
Jeremy Galloway, a security researcher at Atlassian, which owns BitBucket, told us in an online chat that the company has seen a lot of users’ repositories getting hit by these hackers. Galloway said he estimates the victims to be at least 1,000, based on internal numbers and online reports. That seems to be a good estimate considering that a search on GitHub for the hackers’ address returns 392 projects, as first reported by ZDNet.
At this point, it’s unclear how the hackers are breaking into all these accounts. Galloway told CBNN that Atlassian is investigating the incidents to try to figure that out.
The hackers did not respond to a request for comment sent to the email they’re providing victims.
If your project has been hit, there’s some good news. One victim claims to have figured out that the hackers aren’t actually deleting the code, and shared a relatively easy way to recover the files, as long as the victim has a clone of the code on their machine.