1427 - Ransomware packages in PyPI and NPM

Background

On 9 December 2022, a number of malicious packages targeted at Python and JavaScript developers were discovered in PyPI and NPM. Details can be found here.

Mitigation

Some of Redstor's software development is done in JavaScript. We use software composition analysis (SCA) tools to monitor vulnerabilities in our code base. We have not been affected by this ransomware campaign thus far. In the interest of security, we have made our developers aware of the risk.