A ransomware attack on Git repositories has been detected

A wave of attacks aimed at holding Git repositories for ransom has been reported on the GitHub, GitLab and Bitbucket services. The attackers wipe the repository and leave a message asking the owner to send 0.1 BTC (approximately $700) to restore the data from a backup (in fact, only the commit headers are corrupted and the information can be restored). On GitHub, 371 repositories have already been affected in this way.

Some victims of the attack admit to using weak passwords or forgetting to remove access tokens from old applications. Some believe (so far this is only speculation and the hypothesis has not yet been confirmed) that the credentials leaked through a compromise of SourceTree, an application that provides a GUI for working with Git on macOS and Windows. In March, several critical vulnerabilities were disclosed in SourceTree that allow remote code execution when accessing repositories controlled by an attacker.

To restore the repository after the attack, it is enough to run "git checkout origin/master", then find the SHA hash of your last commit via "git reflog" and reset the attackers' changes with the command "git reset {SHA}". If you have a local copy, the problem is solved by running "git push origin HEAD:master --force".
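The local-copy recovery described above, run end to end in a throwaway sandbox, as an added example that is not from the original article. It goes slightly beyond the text by first detecting the rewrite with `git merge-base --is-ancestor`; the helper names (`new_repo`, `remote_state`, `restore_from_local`, `demo`) and all repository contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every path, name and commit below is constructed in a temp dir.
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# Create a repo at $1 on branch master with one commit (text $2) and origin $3.
new_repo() {
    git init --quiet "$1" && git -C "$1" symbolic-ref HEAD refs/heads/master &&
    echo "$2" > "$1/file.txt" && g -C "$1" add file.txt &&
    g -C "$1" commit --quiet -m "$2" && git -C "$1" remote add origin "$3"
}

# Fetch, then report whether origin/$2 moved forward normally or was rewritten
# (the commit we last knew is no longer an ancestor of what the server holds).
remote_state() {
    before=$(git -C "$1" rev-parse "origin/$2") || return 1
    git -C "$1" fetch --quiet origin || return 1
    after=$(git -C "$1" rev-parse "origin/$2") || return 1
    if git -C "$1" merge-base --is-ancestor "$before" "$after"; then
        echo intact
    else
        echo rewritten
    fi
}

# The article's fix for an owner who still has a local copy.
restore_from_local() {
    git -C "$1" push --quiet origin HEAD:master --force
}

demo() {
    d=$(mktemp -d) || return 1
    git init --quiet --bare "$d/origin.git"
    new_repo "$d/owner" "real work" "$d/origin.git"
    git -C "$d/owner" push --quiet origin HEAD:master
    first=$(remote_state "$d/owner" master)
    # Stand-in for the overwritten remote: an unrelated one-commit history.
    new_repo "$d/other" "placeholder note" "$d/origin.git"
    git -C "$d/other" push --quiet --force origin HEAD:master
    second=$(remote_state "$d/owner" master)
    restore_from_local "$d/owner"
    third=$(remote_state "$d/owner" master)
    good=$(git -C "$d/owner" rev-parse HEAD)
    now=$(git --git-dir="$d/origin.git" rev-parse refs/heads/master)
    [ "$good" = "$now" ] && match=yes || match=no
    rm -rf "$d"
    echo "$first $second $third restored=$match"
}

demo
```

Running `remote_state` before any `git pull` or `git reset` matters: it compares the remote against the last commit the local clone knew, so a "rewritten" result is the cue to push the local history back rather than accept the server's.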

Source: opennet.ru
