Lockbit 3.0 Ransomware Gets New Update
The Lockbit ransomware has been one of the strains that made headlines often over the last couple of years. First released in 2019, the ransomware got a significant update in recent weeks, introducing notable changes to the malicious software.
Perhaps most interestingly, the ransomware gang behind Lockbit 3.0 released an announcement concerning a "bug bounty" program. This is something you would expect big legitimate software makers to do for their products. Microsoft and Google, for example, both have bug bounty programs for their major products, where researchers, programmers and white hat hackers are rewarded for finding flaws, bugs and vulnerabilities within the company's products.
Now the Lockbit gang has introduced its own bug bounty program, offering prizes ranging from $1000 to a cool $1 million for finding significant flaws in its ransomware. This is the first time that a criminal ransomware outfit has offered rewards for debugging its "product".
The new version, Lockbit 3.0, is said to use significant chunks of code lifted from the BlackMatter / DarkSide ransomware. There were unconfirmed rumors that once security researchers with Emsisoft released a freeware tool that decrypts several versions of BlackMatter, the BlackMatter outfit fired a large number of its coders. If that is indeed the case, it's not unlikely that those coders moved to work for Lockbit.
The ransomware also introduced new payment methods offered to victims. Previously, Lockbit only accepted payments in Monero and Bitcoin; with the 3.0 release, Zcash was added to the list of options.