While companies have yet to recognize the value of running bug bounty programs properly, cybercriminals have apparently realized their potential. In an ironic move, the LockBit ransomware gang has launched a bug bounty program for its LockBit 3.0 operation.
LockBit 3.0 Ransomware Bug Bounty Program
Reporting what they observed on the dark web, BleepingComputer's Lawrence Abrams explained that the LockBit threat actors announced bounties of $1,000 to $1 million for finding and reporting various issues in the LockBit 3.0 infrastructure.
LockBit 3.0 is the latest variant of the notorious LockBit ransomware, following LockBit 2.0. The attackers recently released the 3.0 variant after two months of beta testing. Despite that short time, it has emerged as a potent malware family, accounting for 40% of ransomware attacks in May 2022.
With the formal release of the 3.0 variant, the LockBit gang also announced the first ransomware bug bounty program. According to the statement posted on their dark web site,
We invite all security researchers, ethical and unethical hackers on the planet to take part in our bug bounty program. The amount of remuneration varies from $1000 to $1 million.
Another thing that sets it apart from typical bug bounty programs is the side offer for "brilliant ideas." The attackers will reward anyone who shares ideas for improving the ransomware operation, as well as anyone who doxes the affiliate program manager.
As for the "scope" of this bug bounty program, the attackers list the following as eligible for bounties:
- Website bugs, such as MySQL injection and XSS, that allow obtaining the decryptor or reveal correspondence with victims.
- Locker bugs that allow file decryption without the decryptor.
- Doxing the affiliate program boss ($1 million bounty pledged).
- TOX messenger bugs.
- Tor network bugs that expose the site's servers.
- Brilliant ideas for improving ransomware operations.
For payments, LockBit has chosen Zcash and Monero, two hard-to-trace privacy coins.
Of course, while it may be lucrative, it is not legitimate for ethical hackers and bug bounty hunters to participate in this program, as doing so would only assist the criminals.