August 15, 2022

TheCyberThrone

Thinking Security ! Always

LockBit 3.0 – Bug Bounty Program Update

LockBit 3.0, has been released by the prolific LockBit ransomware group, it has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics.

LockBit 3.0 was first hinted at in mid-March. This new version must correct an encryption bug in MSSQL databases. Its use in cyberattacks was observed in late April/early May.

Advertisements

The introduction of the bug bounty program that offers rewards ranging between $1,000 and $1 million made the headlines, it is the first ransomware gang asking cyber security experts to submit bugs in their malware to improve it.

We invite all security researchers, and ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” reads the announcement of the bug bounty program made by the gang.

The ransomware gang will also reward brilliant ideas to improve its operations. The $1 million rewards will be paid to those experts that will identify the affiliate manager LockBitSupp.

The threat actors now accepts Zcash for payments, along with Monero and Bitcoin, to protect their anonymity.

The LockBit 3.0 operation is also using a new extortion model that allows threat actors to buy data stolen from the victims during the attacks.

The source code of the showcase site suggests the adoption of new modes of monetization of cyberattacks carried out with the LockBit 3.0 ransomware. Thus, everything seems ready so that it will soon become possible to pay the franchise to download stolen data including in the form of a single BitTorrent file, but also to buy more time before disclosing the data. , or to request the destruction of stolen data.

Advertisements

The experts noticed a JavaScript file that allows users to purchase data leaked on the site and download it also through a Torrent.

%d bloggers like this: