Not long ago there was a warning about fake copyright infringement emails installing LockBit ransomware, and now the cybercrime group has introduced the very first ransomware bug bounty program, called LockBit 3.0. The ransomware operation, founded in 2019, has grown over the years into the most prolific one, responsible for 40% of all known ransomware attacks in May 2022.
LockBit 3.0 bug bounty program
The ransomware group has released a Ransomware-as-a-Service (RaaS) offering called LockBit 3.0. It is built to be acquired on the dark web by other cybercriminals so that they can carry out more fraud without any coding knowledge. The group has created this low-code software to enable phishing emails and scams. Version 3.0 from the LockBit ransomware team allows anyone to extend the timer by 24 hours, destroy all data from the website, or download all data right away, to maximize the ransom money for each victim.
The ransom notes are no longer named 'Restore-My-Files.txt'; they now use the naming format [id].README.txt. It is unclear, however, what technical changes were made to the encryptor. This bug bounty program is different from those often run by companies. LockBit is not only offering rewards for vulnerabilities that let someone get a decryptor from its site; it is also paying bounties for improving the ransomware operation and for doxing the affiliate program boss. The bug bounty categories offered by the LockBit 3.0 program are listed in the LockBit developers' announcement below:
- Web Site Bugs: XSS vulnerabilities, MySQL injections, getting a shell to the site, and more, will be paid depending on the severity of the bug, the main direction is to get a decryptor through the bugs web site, as well as access to the history of correspondence with encrypted companies.
- Locker Bugs: Any errors during encryption by lockers that lead to corrupted files or to the possibility of decrypting files without getting a decryptor.
- Brilliant ideas: We pay for ideas, please write us about how to improve our site and our software; the best ideas will be paid for. What is so interesting about our competitors that we don’t have?
- Doxing: We pay exactly one million dollars, no more and no less, for doxing the affiliate program boss. Whether you’re an FBI agent or a very clever hacker who knows how to find anyone, you can write us a TOX messenger, give us your boss’s name, and get $1 million in Bitcoin or Monero for it.
- TOX messenger: Vulnerabilities of TOX messenger that allow you to intercept correspondence, run malware, determine the IP address of the interlocutor, and other interesting vulnerabilities.
- Tor network: Any vulnerabilities which help to get the IP address of the server where the site is installed on the onion domain, as well as getting root access to our servers, followed by a database dump and onion domains.
It has been reported that torrent sites are being used as data dumps and are accessible for direct downloads. This will enable any organization to buy its competitor's data hassle-free. However, LockBit 3.0 has not claimed any victims as of yet, so it is not clear how these new tactics will work or whether they are even enabled.