Security News > 2022 > June > LockBit 3.0 introduces the first ransomware bug bounty program

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for 40% of all known ransomware attacks in May 2022.
With the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million.
"We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million," reads the LockBit 3.0 bug bounty page.
LockBit is not only offering bounties for rewards on vulnerabilities but is also paying bounties for "Brilliant ideas" on improving the ransomware operation and for doxxing the affiliate program manager.
LockBit is one of the most active ransomware operations, with its public-facing operator actively engaging with other threat actors and the cybersecurity community.
News URL
Related news
- Microsoft raises rewards for Copilot AI bug bounty program (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes (source)
- New kids on the ransomware block channel Lockbit to raid Fortinet firewalls (source)
- Suspected LockBit ransomware dev extradited to United States (source)