LockBit ransomware gang promises bounty payment for personal data
The LockBit cybercrime group has launched a bug bounty program that promises money to people willing to share sensitive data that is exploitable in ransomware attacks. The bounty program arrived with the release of LockBit 3.0. It promises $1,000 to $1 million in rewards for leaking personal information.
Bug bounty programs are often used by legitimate companies to allow researchers and hackers to find vulnerabilities in their software code. This is the first time a cybercrime group has used the same concept. Ransomware groups are increasingly being run as organized enterprises with a business structure and model.
The LockBit bounty site has a menu of categories of interest to the gang. The gang will pay for vulnerabilities, in addition to paying for errors found in its own encryption and decryption process and for ideas that could help it improve its site and software. The largest bounty is offered for finding the identity of the program's boss, someone identified as LockBitSupp. This offer has existed since March 2022. The bounty program relies on unethical researchers and hackers willing to provide private information to make quick money. This means companies and businesses are at risk from internal employees who could sell access to systems or companies.