UK Researcher Who Stopped WannaCry Indicted in US

A researcher who played a role in halting the spread of the WannaCry ransomware has been indicted by US authorities for allegedly creating the Kronos malware with another individual.

As Motherboard reports, UK-based researcher Marcus Hutchins, known online as MalwareTech, was arrested in Las Vegas this week, where he was attending the Black Hat and Defcon security conferences.

The indictment, filed on July 11 in Wisconsin District Court, says that "Defendant Marcus Hutchins created the Kronos malware," alongside another person, whose name has been redacted from the filing. Between July 2014 and July 2015, the two "intentionally cause[d] damage without authorization to 10 or more protected computers," it says.

A spokeswoman for the FBI's Nevada office referred PCMag to the Department of Justice, which did not immediately respond to a request for comment.

Hutchins made headlines in May when he stopped the spread of the WannaCry by accident. He noticed the ransomware "queried an unregistered domain, which I promptly registered." But WannaCry looks to connect to that unregistered domain. If it can't connect, "it ransoms the system," MalwareTech explained. If it connects to the domain, though, "the malware exits" and the system is not compromised. After the registration, WannaCry connected to the domain and was stopped in its tracks.

According to the indictment, Hutchins's alleged co-conspirator posted a video that demonstrated how the Kronos malware worked on July 13, 2014. The person then offered to sell the Kronos banking trojan for $3,000 "on an internet forum."

Hutchins reportedly helped this person update the Kronos malware in February 2015, after which it was advertised for sale on the (now-defunct) AlphaBay dark web forum. In June 2015, it sold for about $20,000 in digital currency, the indictment says.

As some have pointed out online, Hutchins requested a Kronos sample on the day the video in question went up.

Anyone got a kronos sample? — MalwareTech (@MalwareTechBlog) July 13, 2014

Fellow researcher Andrew Mabbitt, who traveled to Las Vegas with Hutchins and several other colleagues, says he refuses to believe the charges. "He spent his career stopping malware, not writing it," Mabbitt says of Hutchins.

Mabbitt says he will be "crowdfunding legal fees soon." The Electronic Frontier Foundation, which often steps in to assist with cases like this, tweeted that it is "deeply concerned about security researcher Marcus Hutchins' arrest. We are looking into the matter, and reaching out to Hutchins."

About Our Expert

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio