The Shadow Brokers hacking crew that took credit for leaking the cyberweapon used in last week’s global ransomware attack says it plans a “data dump of the month” service starting in June.
The group says its monthly menu could include anything from Web browser tools to compromised data on Russian, Chinese, Iranian or North Korean nuclear and missile programs.
“TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club,” the group says in a communique released Tuesday in its typically choppy English. “Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”
Shadow Brokers leaked the “Eternal Blue” computer exploit in April, and Microsoft said it had apparently been obtained from NSA stockpiles. White House Homeland Security adviser Tom Bossert said the code “was not a tool developed by the NSA to hold ransom data” but did not say whether the exploitable flaw the ransomware was based on came from NSA cyber tools.
The tool was used by another group of hackers to infect hundreds of thousands of computers with the WannaCry virus last week. The identity of that group hasn’t been determined, but cybersecurity firms have discovered similarities to previous attacks linked to the Lazarus Group, a hacking team tied to North Korea.
“TheShadowBrokers is not being interested in bug bounties, selling to cyber thugs, or giving to greedy corporate empires,” the statement says. “TheShadowBrokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about theshadowbrokers vs theequationgroup.”
The Equation Group is a hacking group with suspected links to the NSA. The ransomware relies on a flaw in the code for older versions of Windows for which Microsoft issued a patch on March 14.
The massive attack Friday from the “WannaCry” malware crippled more than 20% of hospitals in the United Kingdom and affected more than 200,000 victims in 150 countries. The attack had its biggest impact on computers in Europe and Asia. The WannaCry attackers demanded $300 per computer in bitcoin payments to unlock infected computers, but experts have estimated that the plot took in less than $100,000.
The impact on the United States was minimal. Jeanette Manfra, a Homeland Security cybersecurity official, said fewer than 10 companies reported disruptions, and only minor ones. The federal government was not affected, she said.
“It is dying down,” Manfra said. “But we are not reducing our level of effort.”
Europol’s European Cybercrime Center says it is working closely with cybercrime units in affected countries and key industry partners to “mitigate the threat and assist victims.” It called the attack “unprecedented” and said it would require a complex international investigation to sort out the culprits.
Marcy Wheeler, a longtime national security blogger, wrote that Tuesday’s threat “brings the hammer” to Microsoft and the NSA.
“Shadow Brokers will ratchet up the hostility between Microsoft and the government,” Wheeler wrote. “It might even force some disclosure about exploits more critical to NSA’s current toolkit than the very powerful tools Shadow Brokers already used to create a global ransomware worm.”
Contributing: Kevin Johnson