[fmhul]

>The breaches seem to rely on the attacker having knowledge of the affected users passwords in order to wipe their Git repositories and hold them for ransom.

Yeah, until I go to my computer and use "git push" again. No?

Also gitsbackup.com is registered but has no A/MX records so...

[tyingq]

"Also gitsbackup.com is registered but has no A/MX records so..."

Gitlab should really note that in their blog posts and emails to users. Just in case someone is thinking of paying the ransom.

[sytse]

We agree that paying a ransom doesn't guarantee any further actions on the part of the attackers. But in our blog post we want to stick to what we know and can influence and not talk about an external DNS record that can be added at any time.