The group that released the likely NSA-designed hacking tool used in the international "Wanna Cry" ransomware attack announced a monthly subscription service Tuesday for its remaining cache of stolen documents.
The anonymous ShadowBrokers, who have been periodically releasing source code and documents believed to have been stolen from the National Security Agency since the summer, announced the new monetization scheme in a post early Tuesday morning. The message was written in broken English typical of the group.
"Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members," the Brokers wrote.
Tools released by the ShadowBrokers are believed to have been used in the international Wanna Cry ransomware attack, which encrypted data in computers in 150 countries and temporarily shuttered some British hospitals and a Spanish telecom.
Ransomware is a type of malware that encrypts a target's files, with the attacker providing the decryption key only after a ransom is paid, usually in bitcoins.
ShadowBrokers first leaked files in August it claimed were from a vaunted NSA-affiliated hacking operation known as the Equation Group, advertising an auction for the files. The files contained previously unknown, working techniques to bypass security hardware from major manufacturers. The release lead to a scramble to patch those products.
The Intercept reported that evidence within the leaked source code showed that the Brokers were correct about the files' provenance.
Though the files appeared to be real, ShadowBrokers failed multiple times to sell the tools, in part because of the lopsided terms they required for potential buyers.
In January the group sent a goodbye post, but returned in April to release a package of Windows hacking tools that included the one used in Wanna Cry. The April release was presented as a protest against President TrumpDonald TrumpMark Walker to stay in North Carolina Senate race Judge lays out schedule for Eastman to speed up records processing for Jan. 6 panel Michael Avenatti cross-examines Stormy Daniels in his own fraud trial MORE for becoming more centrist and turning his back on the hard-right base that got him elected. In it, the Brokers claimed to be Trump voters.
In their Tuesday post, the Brokers say data from that hacking operation and from other high-profile hacking operations might be included in the "wine of the month" club.
Tuesday's post, titled "OH LORDY! Comey Wanna Cry Edition," also takes shots at Windows network administrators that did not update their software in time to stave off Wanna Cry — noting that the group announced early on in their campaign what files it had to release, giving people some notice to patch their systems.
"TheShadowBrokers is feeling like being very responsible party about Windows dump. Do thepeoples be preferring theshadowbrokers dump windows in January or August? No warning, no time to patch? this is being theshadowbrokers version of alternative facts," wrote the group.