Security News > 2022 > June > LockBit 3.0 introduces the first ransomware bug bounty program
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
The ransomware operation launched in 2019 and has since grown to be the most prolific ransomware operation, accounting for 40% of all known ransomware attacks in May 2022.
With the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million.
"We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million," reads the LockBit 3.0 bug bounty page.
LockBit is not only offering bounties for rewards on vulnerabilities but is also paying bounties for "Brilliant ideas" on improving the ransomware operation and for doxxing the affiliate program manager.
LockBit is one of the most active ransomware operations, with its public-facing operator actively engaging with other threat actors and the cybersecurity community.