Attackers are targeting GitHub, GitLab, Bitbucket, GitHubLab, and GitLab users, wiping code and commits from multiple repositories. Attackers only leave behind a single commit file with the following contents (the ransom note), asking victims to send a 0.1 BTC, which is the equivalent to roughly $568, in order to get their data back. There are no details at the moment on how the attackers were able to get access to their victims’ victims’ accounts but, as one StackExchange user said, even though he had 2FA enabled, he “never got a text message indicating they had a successful brute login”””
Source: https://www.bleepingcomputer.com/news/security/attackers-wiping-github-and-gitlab-repos-leave-ransom-notes/