The LockBit RaaS launched LockBit 3.0, the first-ever ransomware bug bounty program for security experts to submit bug reports and get rewarded with up to $1 million. Various bug bounty categories include website bugs (such as XSS vulnerabilities, and MySQL injections), Locker bugs (bugs in the ransomware itself), TOX messenger vulnerabilities, and Tor network vulnerabilities.