Even blackmail Trojans have security flaws, and “fans” obviously will do anything for money.
Even computer malware is not immune to software vulnerabilities. The discovery of such a weakness in the encryption Trojan Lockbit was now worth a bug bounty of 50,000 US dollars. They also bang the drum in a strange way.
In bug bounty programs, security researchers search for vulnerabilities in software. If they find what they are looking for, they report the gap to the software manufacturer and collect a bonus. Actually, only big companies like Apple and Nintendo offer such programs. But now criminals are also using it to make their software better – unfortunately.
The Lockbit authors announced their bug bounty program in summer 2022. According to their own statements, they have now paid out the first bonus. The information about encryption vulnerabilities appears to have come from an FBI official.
In order to make themselves known, the Lockbit gang has started a strange campaign: Anyone who gets a tattoo of the ransomware’s logo and submits a photo as proof is to receive 1,000 US dollars. Allegedly, 20,000 US dollars have already flowed for it.