The cybercriminals behind LockBit ransomware are taking things up a notch with the version 3.0 launch of their ransomware-as-a-service (RaaS) operation.
Notably, the gang has announced a bug bounty program—likely the first of its kind—offering payments to anyone finding vulnerabilities in their encryption code or leak website.
The announcement was made on June 26th with the message, "Make Ransomware Great Again!," and soliciting "all security researchers, ethical and unethical hackers on the planet" with the lure of $1,000 to $1 million payouts.
The criminal hackers are also looking for sensitive data on high-profile individuals for the purpose of doxxing or perhaps for recruitment of insider threats.
Other features in the v3.0 release include new methods of data recovery and/or destruction and the addition of Zcash cryptocurrency to the existing Bitcoin and Monero ransom payment options.
The LockBit ransomware operation began in 2019 and, although less infamous than Conti or REvil, has since grown to be the top perpetrator of ransomware attacks globally.