New front in ransomware: someone is using disclosed Git hosting passwords to wipe the repo and then ransom back a copy for ~$500 in Bitcoin.https://about.gitlab.com/2019/05/03/suspicious-git-activity-security-update/ …
-
-
I hesitate to say the following but since it might help at least one startup out there: If you have your repository accessed by an external party in this fashion, irrespective of whether you have backups, you need to take a deep breath, then push the Big Red Button. Bad news.
Show this thread -
There exists a specialized type of infosec consultant called Incident Response (IR) and you might want to consider engaging the services of one. They are probably not cheap. You will probably be advised to e.g. roll every credential you have. This will not be fun. Do it anyhow.
Show this thread
End of conversation
New conversation -
-
-
Pretty sure they're also threatening to disclose the repo publicly leading to possible IP loss. Also maybe passwords/secrets if people have been sloppy and checked those in (as almost everyone does at some point).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
But…you’d need to figure that out anyways, since the most recent repo may not have been pushed to the remote by the time it was wiped.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Sounds like the ransomware folks need to Charge More
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.