Hackers

U.K. Researcher Who Stopped WannaCry Indicted in U.S.

The indictment, filed on July 11 in Wisconsin District Court, says that 'Defendant Marcus Hutchins created the Kronos malware,' alongside another person.
U.K. Researcher Who Stopped WannaCry Indicted in U.S.
Image credit: Shutterstock
Executive Editor, PCMag
3 min read
This story originally appeared on PCMag

A researcher who played a role in halting the spread of the WannaCry ransomware has been indicted by U.S. authorities for allegedly creating the Kronos malware with another individual.

As Motherboard reports, U.K.-based researcher Marcus Hutchins, known online as MalwareTech, was arrested in Las Vegas this week, where he was attending the Black Hat and Defcon security conferences.

The indictment, filed on July 11 in Wisconsin District Court, says that "Defendant Marcus Hutchins created the Kronos malware," alongside another person, whose name has been redacted from the filing. Between July 2014 and July 2015, the two "intentionally cause[d] damage without authorization to 10 or more protected computers," it says.

A spokeswoman for the FBI's Nevada office referred PCMag to the Department of Justice, which did not immediately respond to a request for comment.

Hutchins made headlines in May when he stopped the spread of the WannaCry by accident. He noticed the ransomware "queried an unregistered domain, which I promptly registered." But WannaCry looks to connect to that unregistered domain. If it can't connect, "it ransoms the system," MalwareTech explained. If it connects to the domain, though, "the malware exits" and the system is not compromised. After the registration, WannaCry connected to the domain and was stopped in its tracks.

According to the indictment, Hutchins's alleged co-conspirator posted a video that demonstrated how the Kronos malware worked on July 13, 2014. The person then offered to sell the Kronos banking trojan for $3,000 "on an internet forum."

Hutchins reportedly helped this person update the Kronos malware in February 2015, after which it was advertised for sale on the (now-defunct) AlphaBay dark web forum. In June 2015, it sold for about $20,000 in digital currency, the indictment says.

As some have pointed out online, Hutchins requested a Kronos sample on the day the video in question went up.

Fellow researcher Andrew Mabbitt, who traveled to Las Vegas with Hutchins and several other colleagues, says he refuses to believe the charges. "He spent his career stopping malware, not writing it," Mabbitt says of Hutchins.

Mabbitt says he will be "crowdfunding legal fees soon." The Electronic Frontier Foundation, which often steps in to assist with cases like this, tweeted that it is "deeply concerned about security researcher Marcus Hutchins' arrest. We are looking into the matter, and reaching out to Hutchins."

More from Entrepreneur

Grow Your Business at Entrepreneur LIVE! Join us on Nov. 16 in Brooklyn, NY, to learn from legends like Danica Patrick and Maria Sharapova, pitch our editors, meet with investors, and potentially walk away with funding!
Register here

One-on-one online sessions with our experts can help you start a business, grow your business, build your brand, fundraise and more.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.