WannaCry ransomware has been in the news recently as one of the more massive ransomware operations in a long time. The ransomware worked by exploiting the Windows SMB and this exploitation allowed it to hold thousands of computers hostage. The leaking of EternalBlue, the SMB exploit, was done by the Shadow Brokers. This group now claims they have even more ways to attack and will release these tools of attack on subscription. It also claims to have data from the NSA on banks and missile programs.
The group first appeared the last august with the claim they had access to the tools of The Equation, a cyber-espionage group which is widely believed to be the NSA’s own hacking group. After that not much more was heard until just before the WannaCry attacks.
They initially released hacking tools and claimed they had more which they would sell for around 10000 bitcoins. This large selling price and lack of specificity (10000 bitcoins equates to about $12 million USD) didn’t attract any bids and so more information was dumped. In this information dump, IP addresses of systems targeted by the equation were present. This still wasn’t enough to keep them active at the time and the group supposedly wrapped up in January after disabling online accounts.
Their recent return was a surprise and it seems they still were able to access information from the Equation. Their first release after re-emergence showed malware implants that were indicated to have been implanted by the Equation.
The focus on subscription based service for their tools represents a new move for Shadow Brokers. Data will be leaked monthly and will include exploits for web browsers, mobile devices and routers. Even more serious is that there will be exploits for Windows 10 which was seen as relatively safe previously. Data will also be present that was taken from the Equation. This would include bank information stolen from SWIFT providers. The group takes no stance on what should be done with these exploits and says it’s up to the subscribers to know how to use them best.
If successful, it would make subscriptions be the first payment to Shadow Brokers by any means. Their releases of the tools of the Equation has been released completely for free, at least as far as the public knows. The group has expressed annoyance at a lack of interest in what they have to offer in some of their communication. Considering the reliability of their data and potential hackers have to make large sums from it (it does have bank data, after all) it is a bit surprising that the less ethical sectors of the internet haven’t cashed in for WannaCry ransomware.
There is no guarantee that more interest will arise from this subscription model as the most important criteria, price, has not yet been released. But considering that the group seems to leak information that holds up as legitimate, it would be a good guess that the data they have will be coming out whether paid for or not.