The WannaCry ransomware attack may have slowed down, but it has infected over 300,000 computers globally, with many businesses and even hospitals losing access to precious data. The attack exploited a Windows vulnerability known as EternalBlue, for which Microsoft had released a patch in March.
The EternalBlue vulnerability was first discovered by the US security agency NSA, but the agency’s hacking arsenal was stolen by the Shadow Brokers, and the hacker group responsible for this theft has now written a blog post.
In their post, the Shadow Brokers warn the NSA and say they have access to “75 per cent of US cyber arsenal.” The group also promises that June will be the data dump month.
The post says they will launch a “new monthly subscription model,” and compares it to a “wine of month club.” It adds, “Each month peoples can be paying membership fee, then getting members only data dump each month.”
The Shadow Brokers are threatening to make public more of the exploits and tools that they obtained through the NSA hack. According to them, the list includes “web browser, router, handset exploits and tools, exploits for Windows 10, compromised network data from more SWIFT providers and Central banks.” Worryingly, it also includes nuclear and missile program data from Russia, China, Iran and North Korea.
From the letter, it looks like the group tried auctioning these hacking tools but did not find buyers. The group also mentions ‘The Equation Group’, which is supposed to be a hacking group linked to the NSA.
The Shadow Brokers claim they are not “interested in stealing grandmothers’ retirement money,” but rather that this whole fight is about them vs theequationgroup. The group also says the EternalBlue exploit is not a ‘zero-day’ (a bug or vulnerability that has never been discovered before), and that the security patch had been available for 30 days before they decided to dump the data to the public.
The group also alleges that Microsoft and the NSA have close ties, and claims the NSA’s hacking group has large enterprise contracts with the company. Microsoft has been critical of the US government over this stockpiling of vulnerability code, and said this was equivalent to the government losing its stock of ‘Tomahawk missiles.’
So far, experts are still trying to identify the hackers or group responsible for the attack. There have been other reports linking the WannaCry code to code from the Lazarus Group, which is believed to have been responsible for the 2014 Sony hack.
Experts are also looking at whether the ‘Kill Switch’, which was discovered accidentally by a cyber-security expert in England, was intentional. According to reports, the fear is that the next such attack might not have a kill switch.