LockBit 3.0 introduces important novelties, including a bug bounty program

The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments.

The Lockbit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is one of the most active ransomware gangs.

The new version 3.0 of the ransomware was already used in recent attacks.

The introduction of the bug bounty program made the headlines, it is the first ransomware gang asking cyber security experts to submit bugs in their malware to improve it.

The gang announced it is offering rewards ranging between $1,000 and $1 million.

“We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” reads the announcement of the bug bounty program made by the gang.

The ransomware gang will also reward “brilliant ideas” to improve its operations.

The $1 million rewards will be paid to those experts that will identify the affiliate manager LockBitSupp.

Another novelty is represented by the fact the gang now accepts Zcash for payments, along with Monero and Bitcoin, to protect their anonymity.

The LockBit 3.0 operation is also using a new extortion model that allows threat actors to buy data stolen from the victims during the attacks.

“The source code of the showcase site suggests the adoption of new modes of monetization of cyberattacks carried out with the LockBit 3.0 ransomware. Thus, everything seems ready so that it will soon become possible to pay the franchise to download stolen data – including in the form of a single BitTorrent file -, but also to “buy” more time before disclosing the data. , or to request the destruction of stolen data.” reads the post published by LeMagIT. “What give cybercriminals an additional chance to get paid by their victims when they do not want the decryption tool. This kind of request is not uncommon during negotiations.”

The experts noticed a JavaScript file that allows users to purchase data leaked on the site and download it also through a Torrent.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LockBit 3.0)

[adrotate banner=”5″]

[adrotate banner=”13″]