WASHINGTON — Cybersecurity experts believe the hacker who leaked the potent software tool that powered last week’s global ransomware attacks is an American — perhaps a disgruntled insider in the U.S. intelligence community.
Such a finding would raise the stakes for halting The Shadow Brokers group, which has bedeviled the National Security Agency with releases of its hacked weaponized cyber exploits for months.
One of those leaked NSA tools allowed extortionists to spark havoc Friday by encrypting the hard drives of more than 200,000 computers in 150 countries, the largest such cyberattack ever to hit the globe. The attackers demanded $300 or more to unlock each computer.
The NSA did not respond to a request for comment.
The Shadow Brokers group first surfaced in August, claiming to have breached the NSA and stolen sophisticated cyber tools. It sought to auction off the NSA exploits but failed to find many buyers, releasing some for free. It periodically has resurfaced with statements.