U.K. Researcher Who Stopped WannaCry Indicted in U.S.The indictment, filed on July 11 in Wisconsin District Court, says that 'Defendant Marcus Hutchins created the Kronos malware,' alongside another person.
This story originally appeared onPCMag
A researcher who played a role inhalting the spreadof the WannaCryransomwarehas been indicted by U.S. authorities for allegedly creating the Kronos malware with another individual.
AsMotherboard reports, U.K.-based researcher Marcus Hutchins,known onlineas MalwareTech, was arrested in Las Vegas this week, where he was attending theBlack Hatand Defcon security conferences.
Theindictment, filed on July 11 in Wisconsin District Court, says that "Defendant Marcus Hutchins created the Kronos malware," alongside another person, whose name has been redacted from the filing. Between July 2014 and July 2015, the two "intentionally cause[d] damage without authorization to 10 or more protected computers," it says.
A spokeswoman for the FBI's Nevada office referredPCMagto the Department of Justice, which did not immediately respond to a request for comment.
Hutchins made headlines in May when he stopped the spread of theWannaCryby accident. He noticed the ransomware "queried an unregistered domain, which I promptly registered." But WannaCry looks to connect to that unregistered domain. If it can't connect, "it ransoms the system," MalwareTech explained. If it connects to the domain, though, "the malware exits" and the system is not compromised. After the registration, WannaCry connected to the domain and was stopped in its tracks.
According to the indictment, Hutchins's alleged co-conspirator posted a video that demonstrated how the Kronos malware worked on July 13, 2014. The person then offered to sell the Kronos banking trojan for $3,000 "on an internet forum."
Hutchins reportedly helped this person update the Kronos malware in February 2015, after which it was advertised for sale on the (now-defunct) AlphaBay dark web forum. In June 2015, it sold for about $20,000 in digital currency, the indictment says.
As some havepointed outonline, Hutchins requested a Kronos sample on the day the video in question went up.
Anyone got a kronos sample?
— MalwareTech (@MalwareTechBlog)July 13, 2014
Fellow researcher Andrew Mabbitt, whotraveledto Las Vegas with Hutchins and several other colleagues,sayshe refuses to believe the charges. "He spent his career stopping malware, not writing it," Mabbitt says of Hutchins.
Mabbitt says he will be "crowdfunding legal fees soon." The Electronic Frontier Foundation, which often steps in to assist with cases like this,tweetedthat it is "deeply concerned about security researcher Marcus Hutchins' arrest. We are looking into the matter, and reaching out to Hutchins."
