FBI agent thanked by a group for inside knowledge of weaknesses
As part of its bug bounty programme for researchers ready to assist in cybercrime, the LockBit ransomware-as-a-service organization. LockBit has paid the first payment of $50,000.
The ransomware collective stated in June that it will compensate anybody who discovers exploitable flaws and defects in the software. They employ secretly encrypt files, allowing victims to recover their data.
A fault in the encryption software was reported on July 6 and the first bounty payment was made that same day. Darkfeed is a company that offers ransomware monitoring services.
According to the group, the bug was able to decrypt virtual disc formats like VMDK or VHDX files without charge because their filenames start with zeros.
Also, the organization said, it has decided to postpone the public announcement of the reward until the current day. In order to limit the harm and the impact of payments for the decryptor from the current attacked companies.
In June, LockBit declared the launch of its bug bounty programme we open our bug bounty programme to all security researchers, and ethical and unethical hackers worldwide. The amount of remuneration varies from $1000 to $1 million”.
The well-known ransomware gang timed the release of LockBit 3.0, an updated version of its enhanced virus. To coincide with the announcement of its bounty.
Programs such as bug bounties are designed to encourage the responsible disclosure of vulnerabilities by luring researchers. The researchers report their discoveries to the accountable vendor.
After expressing gratitude to the unidentified recipient, the ransomware organization could modify the Linux VMDK files encryptor’s encryption method and encrypt all the files once more.
Additionally, it expressed gratitude to an FBI agent who also contributed to Coveware for sharing insider knowledge. This allowed ransomware developers to become aware of “weaknesses and flaws in our competitors’ encryption methods”.
The consultant NCC Group revealed in March that the number of confirmed ransomware victims increased from 185 to 283 from February to March. Also see: Cybercrime: Ransomware Attacks Surging Once Again).
NCC Group reports that LockBit 2.0, which is responsible for 96 of the 283 attacks, was the most active attacker. This follows by Conti with 71 attacks, Hive with 26 attacks, and BlackCat, nicknamed Alphv, with 23 attacks. As per the report, 44% of the victims are headquartered in North America, followed by 38% in Europe and 7% in Asia.