The active ransomware group LockBit released a new version of its malware, "LockBit 3.0", over the weekend and announced a bug bounty program that offers rewards for possible ways to improve the operation of the ransomware.
While few details were given about the technical improvements to the ransomware-as-a-service operation, the group invited all security researchers and hackers to participate in a bug bounty program, which reportedly offers rewards ranging from $1,000 to $1 million.
Lockbit ransomware group announced today Lockbit 3.0 is officially released with the message: "Make Ransomware Great Again!"
Additionally, Lockbit has launched their own Bug Bounty program paying for PII on high-profile individuals, web security exploits, and more… pic.twitter.com/ByNFdWe4Ys
- vx-underground (@vxunderground) June 26, 2022
The team is looking for bugs in its website, bugs in ports, and ideas to improve the malware, among other things.
But several security researchers do not believe in the effectiveness of LockBit's bug bounty program.
"Since Lockbit 3.0's bug bounty program is essentially inviting people to help a felony for a reward, they may think that $1,000 is a bit much because of the risks involved for those who might decide to help them," said Casey Ellis, founder of Bugcrowd.
"I doubt security researchers will be interested. I know if I find a vulnerability, I'll use it to put them in jail," said John Bambenek, a threat hunter at cybersecurity firm Netenrich. "If a criminal finds a bug, it will be to steal them because there is no honor among ransomware administrators."
However, the introduction of a bug bounty program highlights how ransomware groups now operate. They seem to exist online with impunity and in some cases have grown so much that they look like normal businesses.
