Repositories held for ransom by using valid credentials

This issue stems from insecure user practices and is not specific to GitLab; other Git repositories are affected as well. The breaches seem to rely on the attacker knowing the affected users' passwords in order to wipe their Git repositories and hold them for ransom. If you have a full current copy of the repository on your computer, you can force push to the current HEAD of your local copy using:

Otherwise, you can still clone the repository and make use of:

As this is related to the use of , GitLab does not have its own documentation or examples, but we have found these articles that may be of use:

On May 2, 2019, at approximately 10:00pm GMT, GitLab received the first report of a repository being wiped, with a single file left in place that demanded a bitcoin ransom be paid for the return of data:

We began to receive multiple reports, and were able to search through logs and repositories to determine the extent of the impact.
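The restore from a full local copy described above, written out as an added example (not code from the original post or from GitLab). It checks the local object store, keeps the remote's overwritten tip for later investigation, force pushes the known-good commit, and verifies the result. The function names, the `refs/evidence/*` namespace, the branch name `main` and the sandbox repositories are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example. Paths, branch name and refs/evidence/* are constructed for this demo.

# restore_branch <local_repo> <remote> <branch>: prints the restored commit id.
restore_branch() {
    local repo=$1 remote=$2 branch=$3 good bad now
    # 1. Do not push from a damaged local object store.
    git -C "$repo" fsck --no-dangling >/dev/null 2>&1 || return 1
    good=$(git -C "$repo" rev-parse --verify -q "refs/heads/$branch") || return 1
    # 2. Keep the remote's current tip as evidence before overwriting it.
    bad=$(git -C "$repo" ls-remote "$remote" "refs/heads/$branch" | cut -f1)
    if [ -n "$bad" ] && [ "$bad" != "$good" ]; then
        git -C "$repo" fetch -q "$remote" "refs/heads/$branch" || return 1
        git -C "$repo" update-ref "refs/evidence/$branch" FETCH_HEAD || return 1
    fi
    # 3. Force push the known-good local tip to the remote branch.
    git -C "$repo" push -q --force "$remote" "$good:refs/heads/$branch" || return 1
    # 4. Confirm the remote now points at the known-good commit.
    now=$(git -C "$repo" ls-remote "$remote" "refs/heads/$branch" | cut -f1)
    [ "$now" = "$good" ] && echo "$good"
}

# new_repo <dir> <file> <text>: one-commit repository on branch "main".
new_repo() {
    git init -q "$1" 2>/dev/null && git -C "$1" symbolic-ref HEAD refs/heads/main
    echo "$3" > "$1/$2" && git -C "$1" add "$2"
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid commit -q -m "$3"
}

# demo: build a sandbox, reproduce the wiped state, restore it, and print
# "<remote tip before> <remote tip after> <evidence ref>".
demo() {
    local d before after
    d=$(mktemp -d) || return 1
    git init -q --bare "$d/remote.git" 2>/dev/null
    new_repo "$d/local" app.txt "real project history"
    git -C "$d/local" push -q "$d/remote.git" main
    # Constructed stand-in for the wiped state: unrelated one-file history.
    new_repo "$d/other" NOTE.txt "placeholder note"
    git -C "$d/other" push -q --force "$d/remote.git" main
    before=$(git -C "$d/local" ls-remote "$d/remote.git" refs/heads/main | cut -f1)
    after=$(restore_branch "$d/local" "$d/remote.git" main) || return 1
    echo "$before $after $(git -C "$d/local" rev-parse refs/evidence/main)"
    rm -rf "$d"
}
```

On a hosted remote, branch protection settings may reject the forced push until they are relaxed for the restore. Since the breaches relied on known passwords, rotate the affected credentials before pushing the history back.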

Source: about.gitlab.com