The ShadowBrokers, a group that for more than a year has been leaking documents they claim were taken from the National Security Agency, have resurfaced once again.
"Missing theshadowbrokers? If someone is paying then theshadowbrokers is playing," they wrote in a blog post sent Wednesday.
In the group's latest missive, the ShadowBrokers announced that they will now leak documents twice a month and will continue to double the cost to access the leaks each release. According to the blog post, written in the group's trademark broken English, "September dumps is being exploits."
Previous exploits released from the group have caused massive damage. The global outbreaks of WannaCry and NotPetya ransomware were both based on the same Windows vulnerability released by the ShadowBrokers
Between the two, the systems held hostage by the ransom seeking malware totaled in the hundreds of thousands, including taking out several British hospitals, shipping and pharmaceutical giants and other major global companies.
The Brokers first emerged last summer and have tried various schemes to sell the NSA documents, which appear to be authentic but have not been confirmed by the government. Those documents included tools that could circumvent cybersecurity hardware and breach Windows systems.
The group has tried auctioning the documents, selling them a la carte, crowdfunding a bulk release and, most recently, as a subscription leak service the Brokers have likened to a "wine of the month club."
The subscription service has generated skepticism in the cybersecurity community. The pricing system appears to be over the top — the price doubles every release, leaving an upcoming October release costing more than $3.8 million, well above the market value of sophisticated hacking tools for products sent sight unseen.
There is little information about what files, if any, have actually been released to justify those prices. In their latest statement, the ShadowBrokers gave some clue, including a manual to a product they say was released in a prior leak — UNITEDRAKE, described as a "fully extensible remote collection system designed for Windows targets."