In the wake of Tuesday’s massive global ransomware attack, the hacker group called the Shadow Brokers is again trying to capitalize on its reputation as a source of leaked NSA hacking exploits, saying it will up the price of a subscription service launched earlier this month, while also introducing a new “premium” feature.
The group introduced a monthly subscription service following last month’s WannaCry attack, after initially trying to sell its entire cache of NSA-funded cyberweapons for a staggering one million bitcoin (worth $2.5 billion at current prices). Both WannaCry and Tuesday’s attack, which has been blamed on the “Goldeneye” strain of the “Petya” ransomware, were aided by exploits that the Shadowbrokers allegedly stole from an NSA special-ops crew called “the Equation Group.”
Now, the Shadowbrokers are marketing their wares not only at hackers, but at corporations who’d like to buy insurance against being hacked.
Here’s the Shadowbrokers, in their characteristic broken English, as reported by The Hill.
"Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Don’t be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price," the ShadowBrokers wrote in an online message released early Wednesday.”
The Shadowbrokers launched its monthly subscription document leaks service this month at a price of $27,000 a month in digital currency. Their new release more than doubles the price to $61,000. The group also announced a new premium service allowing customers to make requests for assistance or specific document releases.
The group has been active since August 2016, when it began leaking hacking tools that were allegedly developed by the NSA. It has also leaked documents appearing to show the NSA hacked a Middle Eastern banking services company to try and get at the company’s clients, according to the Hill.
One of the exploits released by the group back in April, known as EternalBlue, was instrumental in aiding last month’s WannaCry cyberattack. Both WannaCry and another NSA exploit were allegedly intrumental in Tuesday's attack.
The group also publicly released a password to what Edward Snowden called the NSA’s “top-secret arsenal of digital weapons.” Back in April, the group released passwords to hacking tool binaries developed by the NSA in 2013 as a “protest” against President Donald Trump, whom they accused of betraying his base by launching a missile strike against a Syrian government airfield and for backing away from his commitment to combating globalism.
The first reports of organizations being hit by Tuesday’s attack were from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain. Companies affected included German pharmaceutical company Merck, Russia's Rosneft and metals giant Evraz, Danish shipper Maersk, UK ad company WPP, and both the Ukrainian and Russian central banks.
Already, Ukrainian government officials are blaming the attack on a Russian entity – likely government-sponsored – claiming that the virus’s code was written in Russian, ignoring the fact that Russian firms were also attacked, and mirroring the laughable conclusion that the North Korean government was somehow responsible for the original WannaCry attack.
With two global attacks unfolding in the span of two months, it’s incredible that the public – not to mention investors – aren’t more worried. How long until these attacks become a weekly, or even daily, occurrence. And more importantly, how long until they begin to seriously disrupt the functioning of private infrastructure.
At least one former NSA employee chimed in with his two cents about the agency’s role in making these attacks possible.
Nobody has been able to say for certain who or what the Shadowbrokers are. But at least one famed NSA whistleblower has a theory:
William Binney - who exposed the NSA's pervasive surveillance of Americans long before Snowden confirmed it - said he and his colleagues are fairly certain the Shadowbrokers aren't really a group of rogue actors, but rather an insider employee at NSA.