The active team ransomware LockBit κυκλοφόρησε μια νέα έκδοση του κακόβουλου λογισμικού “LockBit 3.0” το Σαββατοκύριακο και ανακοίνωσε ένα program bug bounty that offers rewards for possible ways to improve the functionality of the ransomware.
Although few details were given about the technical improvements to the operation of the ransomware-as-a-service, the group invited all security researchers and hackers to participate in a bug bounty program, which reportedly offers rewards ranging from $1.000 to as much as $1 million.
Lockbit ransomware group announced today Lockbit 3.0 is officially released with the message: "Make Ransomware Great Again!"
Additionally, Lockbit has launched their own Bug Bounty program paying for PII on high-profile individuals, web security exploits, and more… pic.twitter.com/ByNFdWe4Ys
- vx-underground (@vxunderground) June 26, 2022
The team is looking for bugs on the webσελίδα of, port bugs, and malware improvement ideas, among others.
But several security researchers do not believe in the effectiveness of LockBit's bug bounty program.
"Since Lockbit 3.0's bug bounty program is essentially inviting people to help a felony for a reward, they may think that $1.000 is a bit much because of the risks involved for those who might decide to help them." said Casey Ellis, founder of Bugcrowd.
“I doubt security researchers will be interested. I know if I find a vulnerability, I'm going to use it to put them in jail," said John Bambenek, a threat hunter at the cyber firmbetter safetys Netenrich. "If a criminal finds a bug, it will be to steal them because there is no honor among ransomware administrators."
However, the introduction of a bug bounty program highlights how ransomware groups now operate. They seem to exist online with impunity and in some cases have grown so much that they look like normal businesses.