Group Thanked FBI Agent for Insider Information About Weaknesses
The LockBit ransomware-as-a-service group has made its first payout, $50,000, under a bug bounty program aimed at researchers willing to aid cybercriminals.
The ransomware collective announced in June that it would pay individuals who find exploitable vulnerabilities, as well as bugs in the software it uses to encrypt victims' files that would let victims recover their data without paying.
According to Darkfeed, a ransomware monitoring platform, the first bounty was paid on July 6 to an individual who reported a bug in the encryption software; the bug was fixed the same day.
The bug allowed virtual disk files in formats such as VMDK or VHDX to be decrypted for free because these files begin with a run of zero bytes, the group says. In general, a run of plaintext that is known in advance at a fixed position gives a victim a known-plaintext/ciphertext pair, which is enough to break an encryptor whose stream-cipher keystream is reused or predictable.
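To make the zero-prefix weakness concrete, here is an added illustration that is not LockBit's code and not taken from the article or from Darkfeed: a toy encryptor that XORs the first few kilobytes of each file with a stream-cipher keystream, as many ransomware families do for large files. The flaw it models, a fixed nonce so every file under one key gets the same keystream, is an assumption for the demonstration; the article does not say what LockBit's actual defect was. A disk image that starts with zero bytes hands over the keystream (ciphertext = 0 XOR keystream), which then decrypts every other file's encrypted head. The "fixed" variant uses a fresh per-file nonce, after which the same trick recovers nothing useful.

```python
import hashlib
import os

# Assumed design of the toy encryptor (not LockBit's real code): only the
# first CHUNK bytes of each file are encrypted, by XOR with a keystream.
CHUNK = 4096


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter) blocks.

    Stands in for any stream cipher: ciphertext = plaintext XOR keystream.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def flawed_encrypt(key: bytes, data: bytes) -> bytes:
    """Flaw (assumed for illustration): a fixed nonce, so every file encrypted
    under `key` gets the same keystream. Bytes past CHUNK stay in the clear."""
    head = data[:CHUNK]
    return xor(head, keystream(key, b"\x00" * 12, len(head))) + data[CHUNK:]


def fixed_encrypt(key: bytes, data: bytes) -> bytes:
    """Fix: a fresh random nonce per file, stored in front of the ciphertext,
    so recovering one file's keystream says nothing about another file's."""
    nonce = os.urandom(12)
    head = data[:CHUNK]
    return nonce + xor(head, keystream(key, nonce, len(head))) + data[CHUNK:]


def keystream_from_zero_prefix(ciphertext: bytes, zero_len: int) -> bytes:
    """Known-plaintext step: where the plaintext is all zero bytes,
    ciphertext == 0 XOR keystream == keystream. No key required."""
    return ciphertext[:zero_len]


def decrypt_head_with_keystream(ciphertext: bytes, ks: bytes) -> bytes:
    n = min(len(ks), CHUNK)
    return xor(ciphertext[:n], ks[:n]) + ciphertext[n:]


def attack_demo() -> dict:
    key = os.urandom(32)
    # Constructed samples: a disk image whose first bytes are zeros (as the
    # article says VMDK/VHDX files are) and a document the victim wants back.
    disk_image = b"\x00" * CHUNK + b"<rest of virtual disk>" * 8
    document = (b"Confidential quarterly figures\n" * 200)[: CHUNK + 100]

    # Flawed encryptor: both files share one keystream, so the zero-prefixed
    # disk image leaks the keystream that also protects the document.
    enc_disk = flawed_encrypt(key, disk_image)
    enc_doc = flawed_encrypt(key, document)
    ks = keystream_from_zero_prefix(enc_disk, CHUNK)
    recovered_doc = decrypt_head_with_keystream(enc_doc, ks)

    # Fixed encryptor: the leaked keystream only fits the disk image itself.
    enc_disk2 = fixed_encrypt(key, disk_image)
    enc_doc2 = fixed_encrypt(key, document)
    ks2 = keystream_from_zero_prefix(enc_disk2[12:], CHUNK)
    failed_doc = decrypt_head_with_keystream(enc_doc2[12:], ks2)

    return {
        "flawed_recovered": recovered_doc == document,
        "fixed_recovered": failed_doc == document,
    }


if __name__ == "__main__":
    print(attack_demo())
```

The same reasoning applies to any file format with a fixed, predictable header (magic bytes, zero-filled padding, sparse-image metadata): the defender needs only the ciphertext and knowledge of the format, never the key. Per-file nonces, or a per-file key wrapped under the operator's public key, remove the shared-keystream property the attack relies on.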
However, Darkfeed reports that the group delayed disclosure, saying: “to minimize the damage and the impact of payments for the decryptor from the current attacked companies, it was decided to postpone the public announcement of the award until the current day.”
While announcing their bug bounty program in June, the group had said, “We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million.” (see: Ransomware-as-a-Service Gang LockBit Has Bug Bounty Program).
The prolific ransomware gang tied the bounty announcement to the rollout of the latest version of its malware, LockBit 3.0.
Bug bounties are normally programs run by legitimate vendors to incentivize responsible disclosure: researchers report vulnerabilities to the vendor in exchange for payment.
The group thanked the unnamed recipient, saying the report let it change the encryption algorithm in its Linux VMDK encryptor so that all such files are once again encrypted without the flaw.
It also thanked an FBI agent and Coveware contributor for providing insider information that, it says, taught it about the “weaknesses and bugs in our competitors’ encryption systems.”
From February to March, the number of known ransomware victims surged from 185 to 283, consultancy NCC Group reported in March (see: Cybercrime: Ransomware Attacks Surging Once Again).
Based on attacks that have come to light, LockBit 2.0 was the most prolific, accounting for 96 of the 283 attacks, followed by Conti with 71 attacks, Hive with 26 attacks and BlackCat, aka Alphv, with 23 attacks, NCC Group says. Of the known victims, 44% are based in North America, followed by Europe with 38% and Asia with 7%, it adds.