On Thursday April 6, 2017, President Trump ordered a Tomahawk missile attack on a Syrian military airfield. This was a direct response to President Assad’s use of sarin gas to attack Syrian dissidents. Just two days later, the password to an encrypted archive of cyber weapons (stolen from the U.S. National Security Agency) was posted by the so-called Shadow Brokers cyber group. This hacking group is thought to have connections with Russia, which is the leading supporter of the Assad regime. They were angered by President Trump’s action.
An immediate beneficiary of this password release was the Lazarus Group, linked with North Korea, which had been launching ransomware attacks at targets over the previous several months. What they lacked was an effective tool to propagate their ransomware from computer to computer. This missing tool, a Microsoft Windows bug called “EternalBlue”, they now were gifted thanks to Shadow Brokers.