The Guy Who Stopped A Global Cyberattack Has Been Arrested For Allegedly Creating His Own Malware

Marcus Hutchins, the researcher who stopped the WannaCry ransomware attack in May, was arrested Thursday in Las Vegas.

The British cybersecurity researcher best known for stopping one of the world's biggest ransomware attacks was arrested in the US on Wednesday and indicted on charges of creating and selling malware that hijacked financial credentials.

Vice's Motherboard first reported the news of the arrest of Marcus Hutchins, also known online as "Malwaretech," in Las Vegas.

The indictment, filed July 12 after a two-year investigation, charges Hutchins for his alleged role in creating and distributing the "Kronos" malware, which was designed to hijack banking usernames and passwords entered on an infected computer and send them to a control panel hosted on another computer inaccessible to the victim, federal prosecutors said.

Officials allege that Hutchins created and sold Kronos via the now-defunct Dark Web marketplace Alphabay between July 2014 and July 2015 from a home base in Wisconsin.

Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization, according to the US Attorney's Office for the Eastern District of Wisconsin.

A Department of Justice spokesperson told BuzzFeed News that Hutchins is in federal custody in Las Vegas and scheduled to appear in federal court there on August 3.

The indictment also states that Hutchins and a second unnamed defendant advertised and explained how the Kronos malware worked in a since-removed YouTube video, Motherboard reported.

Kronos was configured to obtain user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others, prosecutors said.

The malware remains an ongoing threat, they added.

"Cybercriminals cost our economy billions in losses each year," FBI Special Agent in Charge Justin Tolomeo said in a statement. "The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice."

The arrest comes just months after Hutchins, a 23-year-old cybersecurity researcher with the firm Kryptos Logic, emerged as the unlikely death knell for the strain of ransomware dubbed WannaCry in May, which streaked through more than 100,000 computer systems in 150 countries, hobbling vital infrastructure.

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading.… https://t.co/w6RNktlLr5

The UK's National Health Service, Spanish telecommunications giant Telefónica, and Russia's Internal Affairs Ministry, as well as other notable targets across the world, ground to a halt in the face of the attack. The attack also affected the US.

Ransomware locks users out of their own computers and smartphones as hackers threaten to erase files and demand payment. The WannaCry virus affected computers using Windows operating systems that had not installed a free update issued in March.

A hacking group called the Shadow Brokers had exploited the vulnerability in April to release documents from the National Security Agency. The NSA had previously developed technology to make use of the weakness.

Hutchins stopped the attack almost by happenstance: He registered as the owner of a website domain name contained in the ransomware's code, which acted as a one-hit KO to a mechanism within its code called EternalBlue.

Before his arrest by FBI agents on Thursday, Hutchins had attended the Black Hat and Def Con cybersecurity conferences in Las Vegas, Motherboard reported.

Cybersecurity researchers, many of whom knew Hutchins, expressed shock and offered opinions on Hutchins' arrest on Twitter.

@MalwareTechBlog I know Marcus. He has a business which fights against exactly this (bot malware), it's all he does… https://t.co/IuqnoFxomX

@MalwareTechBlog 2/ As a writer of code sometimes used in viruses, this worries me. People often ask me to add feat… https://t.co/BNcykXeGQ3

Infosec community is rife with people that did something stupid at least once, don't immediately disregard a person for an allegation alone

Blake Montgomery is a reporter for BuzzFeed News and is based in San Francisco.

Contact Blake Montgomery at blake.montgomery@buzzfeed.com.
