
Lockbit ransomware group offers up to $1 million in bug bounty program to target more companies

28 Jun, 2022

The notorious Lockbit ransomware group that provides ransomware-as-a-service has announced a bug bounty program offering security researchers up to $1 million for submitting bug reports. This was first reported by Bleeping Computer. 

"We invite all security researchers, and ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million," the ransomware group said in a blog post announcing the program.

The Lockbit group has classified the bug bounty program into multiple categories. For website bugs, hackers will be paid according to the severity of the bug. For doxing program bosses, hackers will be paid exactly $1 million. Doxing is the act of revealing secret information about high-profile individuals. Further, Lockbit said that hackers will also be rewarded for sharing ideas that can help improve its software. 


Bug bounty programs are usually backed by companies that want to leverage independent cybersecurity talent to identify bugs or vulnerabilities in their software. All major tech service providers, including Apple, Google, and Microsoft, have given away millions of dollars in bug bounty programs.

Governments in various countries have also started using bug bounty programs to find vulnerabilities in their software. For instance, in May 2002, the Indian government announced a bug bounty program of up to ₹300,000 for reporting vulnerabilities in the Aarogya Setu app. Similarly, last December, the US Department of Homeland Security (DHS) launched a $5,000 bug bounty program inviting hackers to find vulnerabilities in its systems.

In these programs, independent ethical hackers or cyber security experts look for errors in software or configuration and bring them to the company’s notice. This gives companies the opportunity to patch the errors before cybercriminals can exploit them. 


Ransomware groups have been known to bribe disgruntled employees to plant malware in company systems. Using bug bounty programs to get independent hackers to find bugs for them can be even more effective, as hackers will find vulnerabilities on their own and report them to the group for the reward. Lockbit is one of the most active ransomware groups this year. According to an April 2022 report by cybersecurity firm Digital Shadows, Lockbit accounted for 38% of all ransomware in the first quarter of CY2022. Conti accounted for 20% of the ransomware attacks.