Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Shadow Brokers Want $20,000 for Monthly Leaks

The Shadow Brokers have provided more details on the monthly subscription service announced two weeks ago. Those interested in obtaining exploits and other information from the group will have to pay a monthly fee of roughly $20,000.

The Shadow Brokers have provided more details on the monthly subscription service announced two weeks ago. Those interested in obtaining exploits and other information from the group will have to pay a monthly fee of roughly $20,000.

The Shadow Brokers announced the “monthly dump service” following the WannaCry ransomware attacks, which leveraged an exploit leaked by the group. The exploit in question, dubbed EternalBlue, was one of the many files allegedly stolen from the NSA-linked actor known as the Equation Group.

The hackers have insisted that their main goal is to make money, and since their previous attempts have had little success, they have now decided to offer the remaining Equation Group files for a monthly fee.

While some experts believe the most important files may have already been made public, the group claims it’s still in possession of a lot of data, including exploits for Windows 10, web browsers, routers and smartphones, SWIFT network data, and information on nuclear and missile programs in Russia, China, Iran and North Korea.

The first monthly dump will be made available sometime between July 1 and July 17. The hackers claim they have yet to decide on what to leak, but it will be “something of value to someone.”

Individuals and organizations that want to receive the files will have to pay 100 units of Zcash, a digital currency advertised as “permissionless cryptocurrency that can fully protect the privacy of transactions using zero-knowledge cryptography.”

The 100 Zcash, currently worth roughly $20,000, must be sent to a specified address during the month of June along with an email address to which the files will be delivered. The group said the files will be sent out as a “mass email,” which indicates that all subscribers will receive the same files.

The Shadow Brokers said they realize that $20,000 is not an amount anyone can pay, and pointed out that the monthly dump service is mainly for security companies, governments, OEMs, hackers and “high rollers.” The hackers noted that there are also some risks associated with Zcash, which they can’t guarantee is safe and reliable.

The Shadow Brokers had previously attempted to monetize the Equation Group exploits through auctions, crowdfunding campaigns, and direct sale, but none of the methods was as successful as the group had hoped.

Their latest attempt could be more successful considering that the monthly subscription fee is significantly smaller compared to the thousands of bitcoins they previously demanded. Matthew Hickey, co-founder of security firm Hacker House, has proposed launching a Kickstarter campaign to raise the money. Once the exploits are obtained, they would be analyzed and disclosed responsibly to affected vendors. However, not everyone agrees with the idea.

To date, the Shadow Brokers have managed to earn only 10.5 bitcoins, which is currently worth roughly $24,000. F-Secure’s Mikko Hypponen noticed recently that the hackers had emptied their original Bitcoin wallet and started distributing the money to tens of other addresses.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.