A group of suspected National Security Agency (NSA) leakers known as the ShadowBrokers on Tuesday announced more details of its monthly subscription service to provide remaining documents from its NSA cache.

The group has been releasing files that appear to have been pilfered from the NSA in 2013 since last summer — most notably releasing a suite of Windows hacking tools that were subsequently used in the WannaCry ransomware that induced a global panic earlier this month.

The ShadowBrokers on Tuesday posted instructions on how to join a "Wine of the Month" club for new NSA leaks. In the post, the group said interested parties should send 100 ZCash coins — a digital currency akin to bitcoin — to sign up for the service. Enrollment will begin June 1 and end June 30.

ADVERTISEMENT

ZCash coins are currently worth more than $230 apiece, making the signup cost over $23,000. Only available since October, ZCash is a relatively new entry into the digital currency market, something the ShadowBrokers address in a Q&A section of its post:

"Q: Is Zcash safe and reliable?

"[Explitive] no! If you caring about loosing $20k+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments. Playing 'the game' is involving risks."

The post is written in the ShadowBrokers's trademark inconsistent broken English, widely believed to be an attempt to conceal the group's identity.

Little is known about the ShadowBrokers, including whether it is a group or an individual, as well as whether it is hackers or NSA insiders leaking files. It first appeared in August trying to auction the complete set of tools, releasing an initial leak purportedly to drum up interest in the sale.

ADVERTISEMENT

The group leaked additional documents throughout the year despite abandoning the auction for other ultimately unsuccessful revenue models due to lackluster bidding. In January, the ShadowBrokers announced it had given up actively trying to sell the NSA files.

It returned in April to leak Windows tools in what the Brokers said was a protest of President Trump abandoning his hard-right positions for a more centrist view.

In an apparent attempt to capitalize on the notoriety of WannaCry, the ShadowBrokers announced its monthly leaking service just after WannaCry warranted international headlines.

The leaked documents appear to be at least in part genuine NSA documents. One of the hacking tools released by the group contained an identification code mentioned in a previously unreleased Edward Snowden file.

The ShadowBrokers claim it will not announce the contents of the monthly leaks in advance.

"Q: What is going to be in the next dump?" ask the Brokers in the Monday post.

"TheShadowBrokers is not deciding yet. Something of value to someone. See theshadowbrokers’ previous posts... Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers’ first. This is being wrong question. Question to be asking 'Can my organization afford not to be first to get access to theshadowbrokers dumps?'"