The LockBit ransomware has released LockBit 3.0 with a bug bounty program, new extortion tactics, and Zcash. According to data from May 2022 LockBit ransomware contributes to 40% of extortion and ransomware attacks.
According to a source, the ransomware group has released a ransomware-as-a-service (RaaS) operation called LockBit 3.0. The cybercrime group has created this low-code software in order to be purchased on the dark web by other cybercriminals to conduct more exploitation without the knowledge of coding. The LockBit group has made this version available for Phishing emails and scams.
This is for the first time that the cybercrime group LockBit has introduced a bug bounty program. However, the bug bounty program is not similar to the program that legitimate companies like Facebook or Google use. The LockBit 3.0 bug bounty page reads, “We invite all security researchers, ethical and unethical hackers on the planet to participate in our bounty program. The amount of remuneration varies from $1000 to $1 million.”
The ransomware gang with their bug bounty program asks the security researchers to submit bug reports to them in return for rewards. In this way, the ransomware gang tries to buy brilliant ideas on how to improve their ransomware operations and for doxxing program managers.
LockBit 3.0 also includes Zcash as a cryptocurrency payment option. The ransomware gang previously accepted cryptocurrency payments such as Monero and Bitcoin. Now they have included Zcash as a ransom payment. Zcash is known as a privacy coin because it is harder to trace other than Bitcoin or Monero, while Monero is also a privacy coin. Zcash is being offered for sale on the US crypto exchange platform, Coinbase where it can be purchased easily for victims as means of ransom.
Reportedly, LockBit 3.0 is also using a new model of extortion. LockBit 3.0 has leaked a new HTML model dialog that allows people to purchase compromised data. The Torrent sites are being used as data dumps and are being available for direct downloads. So that any organization can buy their competitor’s data hassle-free.
However, LockBit 3.0 do not claim any victim as of yet but it is absolute that it can conduct more extortions and illegal means of buying leaked documents prompting to an extreme cyber-attack.
