NSA-Linked Hackers Raise Price Of Monthly Subscription to $61,000 After Tuesday's Cyberattack

In the wake of Tuesday’s massive global ransomware attack, the hacker group called the Shadow Brokers is again trying to capitalize on its reputation as a source of leaked NSA hacking exploits, saying it will up the price of a subscription service launched earlier this month, while also introducing a new “premium” feature.

The group introduced a monthly subscription service following last month’s WannaCry attack, after initially trying to sell its entire cache of NSA-funded cyberweapons for a staggering one million bitcoin (worth $2.5 billion at current prices). Both WannaCry and Tuesday’s attack, which has been blamed on the “Goldeneye” strain of the “Petya” ransomware, were aided by exploits that the Shadowbrokers allegedly stole from an NSA special-ops crew called “the Equation Group.”



Now, the Shadowbrokers are marketing their wares not only at hackers, but at corporations who’d like to buy insurance against being hacked.

Here’s the Shadowbrokers, in their characteristic broken English, as reported by The Hill.

"Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Don’t be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price," the ShadowBrokers wrote in an online message released early Wednesday.”

The Shadowbrokers launched its monthly subscription document leaks service this month at a price of $27,000 a month in digital currency. Their new release more than doubles the price to $61,000.  The group also announced a new premium service allowing customers to make requests for assistance or specific document releases.

The group has been active since August 2016, when it began leaking hacking tools that were allegedly developed by the NSA. It has also leaked documents appearing to show the NSA hacked a Middle Eastern banking services company to try and get at the company’s clients, according to the Hill.

One of the exploits released by the group back in April, known as EternalBlue, was instrumental in aiding last month’s WannaCry cyberattack. Both WannaCry and another NSA exploit were allegedly intrumental in Tuesday's attack.

The group also publicly released a password to what Edward Snowden called the NSA’s “top-secret arsenal of digital weapons.” Back in April, the group released passwords to hacking tool binaries developed by the NSA in 2013 as a “protest” against President Donald Trump, whom they accused of betraying his base by launching a missile strike against a Syrian government airfield and for backing away from his commitment to combating globalism.  

The first reports of organizations being hit by Tuesday’s attack were from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain. Companies affected included German pharmaceutical company Merck, Russia's Rosneft and metals giant Evraz, Danish shipper Maersk, UK ad company WPP, and both the Ukrainian and Russian central banks.

Already, Ukrainian government officials are blaming the attack on a Russian entity – likely government-sponsored – claiming that the virus’s code was written in Russian, ignoring the fact that Russian firms were also attacked, and mirroring the laughable conclusion that the North Korean government was somehow responsible for the original WannaCry attack.

With two global attacks unfolding in the span of two months, it’s incredible that the public – not to mention investors – aren’t more worried. How long until these attacks become a weekly, or even daily, occurrence. And more importantly, how long until they begin to seriously disrupt the functioning of private infrastructure.

At least one former NSA employee chimed in with his two cents about the agency’s role in making these attacks possible.



Nobody has been able to say for certain who or what the Shadowbrokers are. But at least one famed NSA whistleblower has a theory:

William Binney - who exposed the NSA's pervasive surveillance of Americans long before Snowden confirmed it - said he and his colleagues are fairly certain the Shadowbrokers aren't really a group of rogue actors, but rather an insider employee at NSA.


Sanity Bear ThirdWorldDude Thu, 06/29/2017 - 09:19 Permalink


My guess is that serious people aren't going to name their criminal organization after a Mass Effect 2 DLC, which was released with all but perfect timing, fanfare, and sales volume to make a deep impression on this generation of script kiddies. And every last one of them has played it.


In reply to by ThirdWorldDude

Sam.Spade Gordon_Gekko Thu, 06/29/2017 - 13:35 Permalink

You don't really think it is some government agency selling it's own stuff, do you?  Or the Russian government selling what it stole?Hell no.This is private enterprise at it's best.Imagine a network of hidden online markets, where master crackers sell hacking tools to script-kiddie wannabes.  And they, in turn, crawl all over cyberspace, like waves of army ants, using those purchases to probe for weaknesses in every digital system from the DNC email servers to the online copiers.And if they find something?  Well, they could take money from a Trump supporter to give the data to Wikileaks.Or maybe the tools are bought by botnet shops who use them to zombie your laptop or digital thermostat?  There are over 2,600 known botnets, you know.  They didn't just spring into existence by themselves.Everything from spam to kiddie porn.  It all exists to make money, meaning there is a market where it's bought and sold.Think super-Silk Road where drugs are only a small part of the business.Thieves Emporium is a primer on this world delivered in the form of a fast-paced novel to keep you interested.The Daily Anarchist loved the book and called it 'Barely fiction'.  The editors of The Daily Bell thought it was so good they ran it as a serial which you can still read for free at http://www.thedailybell.com/editorials/max-hernandez-introducing-thieve… you can just buy a copy at Amazon (rated 4.6 in 122 reviews), Nook (same rating, few reviews), Smashwords (ditto), or iBooks.However you get a copy, start reading it now.  Until you do, you won't have any idea what is really going on in our world.

In reply to by Gordon_Gekko

Soul Glow Thu, 06/29/2017 - 04:36 Permalink

SO bitcoin's value is tied to hacking.  If hacking continues expect crypto prices to increase.  If the lid is put on the amount of hacking though expect bitcoin to tumble.

Restorative_Ally Thu, 06/29/2017 - 05:10 Permalink

Clearly, what we need is less privacy on the internet so we can find these bad men. If these people were unable to communicate with encryption and there was no deep web, we would not be having these problems. As a bonus, policing the internet can be used to crack down on antisemitism! We obviously need a global internet policing agency, headquartered in Tel Aviv, to keep us all safe from these hooligans. 

Arrest Hillary Thu, 06/29/2017 - 05:15 Permalink

Shadowbrokers' broken English is suspect .... no spelling errors .... the NSA should have paid a drunk Russian immigrant a few bucks .... to transcribe  their statement ?

Youri Carma Thu, 06/29/2017 - 05:29 Permalink

Pnyetya: Yet Another Ransomware OutbreakHiding the small movement inside the big movementhttps://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59… saw a massive outbreak of not-really ransomware that has caused significant damage to both Ukrainian targets and strategic global logistics companies. The worm uses three different infection vectors:– ETERNALBLUE– Harvested password hashes– psexecThe code is well written, obfuscated to protect against AV detection using at least two techniques:– Fake Microsoft signature (apparently fools some AV)– XOR encrypted shellcode payload (to bypass signature checks)Although the worm is camouflaged to look like the infamous Petya ransomware, it has an extremely poor payment pipeline.A new ransomware outbreak similar to WCry is shutting down computers worldwidehttps://arstechnica.com/security/2017/06/a-new-ransomware-outbreak-simi… earlier ransomware worm, new attacks use potent exploit stolen from the NSA.

amanfromMars Thu, 06/29/2017 - 05:49 Permalink

It is impossible not to rightly conclude that a lack of necessary future intelligence and Advanced IntelAIgents results in all of the current sub-prime internetworking narratives being daily news peddled to and hosted by established mainstream media channels/panels/moguls and wannabe anonymous elite status quo leaderships. Such is a catastrophic systemic vulnerability for the exercising of myriad zeroday exploits ……. with and for Alternate Virtual Reality Drivers ….. Future Product Engines. Or perhaps you would like to bury your heads in the sand and deny the Reality and Actuality of urWWWorlds with the Rise of Virtual Machinery in Command and Control of EMPowering Space Places ……. with windows such as these linked and linking comments providing all the evidence necessary to prove the view. 

esum Thu, 06/29/2017 - 07:39 Permalink

Nobody has been able to say for certain who or what the Shadowbrokers are. But at least one famed NSA whistleblower has a theory:

William Binney - who exposed the NSA's pervasive surveillance of Americans long before Snowden confirmed it - said he and his colleagues are fairly certain the Shadowbrokers aren't really a group of rogue actors, but rather an insider employee at NSA.

Take every mutha and give a shot of sodium pentathol and put on polygraph.....
failures get executed on the spot.... ALL 17 "INTEL" AGENCIES FOR STARTERS...
Start with outside contractors first.

CatsPaw Thu, 06/29/2017 - 07:50 Permalink

All this security, all this money, all this spying... and we get fucked more and more every time...We are effectivly paying to get fucked over.