"LockBit 3.0 Ransomware Emerges With Bug Bounty Program"

The LockBit 3.0 ransomware operation has recently launched, and the gang is starting a bug bounty program offering up to $1 million for vulnerabilities and various other types of information.  LockBit has been around since 2019. The LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. Researchers stated that it has been one of the most active ransomware operations, accounting for nearly half of all ransomware attacks in 2022, with more than 800 victims being named on the LockBit 2.0 leak website. With the launch of LockBit 3.0, it seems the gang is reinvesting some of the profit in their own security via a “bug bounty program.” Similar to how legitimate companies reward researchers to help them improve their security, LockBit operators claim they are prepared to pay out between $1,000 and $1 million to security researchers and ethical or unethical hackers. Rewards can be earned for website vulnerabilities, flaws in the ransomware encryption process, vulnerabilities in the Tox messaging app, and vulnerabilities exposing their Tor infrastructure.

SecurityWeek reports: "LockBit 3.0 Ransomware Emerges With Bug Bounty Program"