The LockBit ransomware group simply launched its newest ransomware-as-a-service providing, LockBit 3.0, and together with it a primary for the Darkish Net: a bug-bounty program.
The bounty program presents up rewards for private identifiable info (PII) on high-value targets, safety exploits, and extra, in keeping with display grabs of messages that seem to have been shared by LockBit actors.
“We invite all safety researchers, moral and unethical hackers on the planet,” the group reportedly posted, providing funds for web site bugs, locker bugs, TOX messenger exploits, and knowledge to gasoline doxxing campaigns, with funds beginning at $1,000. The group is even keen to pay for recent cybercrime concepts, the advert say.
LockBit is on a roll. Within the wake of Conti’s shutdown, LockBit 2.0 emerged because the dominant ransomware-as-a-service group in Could, with the doubtful distinction of being behind 40% of all ransomware assaults in the course of the month. LockBit operators appear poised to capitalize with a brand new, malicious twist on bug-bounty applications.
‘No Honor Amongst Ransomware Operators’
“I want this shocked me,” Mike Parkin, senior technical engineer at Vulcan Cyber, mentioned in response to the LockBit bug-bounty launch. “However malware gangs have
reached a stage of maturity that they’re, actually, professionally run
companies.”
Whereas the innovation is noteworthy as a improvement within the ransomware enterprise, John Bambenek, principal risk hunter at Netenrich, mentioned he doubts anybody would really submit one thing and anticipate to gather the bounty.
“This improvement is totally different; nonetheless, I doubt they are going to get many takers,” Bambenek mentioned in a press release supplied to Darkish Studying. “I do know that if I discover a vulnerability, I am utilizing it to place them in jail. If a prison finds one, it will be to steal from them as a result of there is no such thing as a honor amongst ransomware operators.”
