A few months after being hailed a hero for stopping the WannaCry malware that affected businesses and individuals around the world, Marcus Hutchins was reported to have been arrested by US authorities.
Hutchins became an ‘accidental hero’ after discovering and creating the kill switch that eventually stopped the WannaCry ransomware attack that had crippled thousands of business and personal computers and their files.
According to reports, Hutchins was arrested by FBI agents on Wednesday at the Las Vegas McCarran International Airport after attending the Black Hat and Def Con conferences. The arrest was made shortly before his plane was due to fly home. He was taken to Henderson Detention Center in Nevada before being moved to the Las Vegas FBI field office.
WannaCry Hero Nabbed; Hutchins’ Involvement in Kronos Distribution
According to an indictment released by the U.S. Justice Department, Hutchins faces six counts of helping to create, spread and maintain the banking Trojan Kronos between 2014 and 2015.
Hutchins allegedly “created the Kronos malware”, together with another person who was not named, and later sold it for $2,000 USD online. A part of a statement from the Justice Department reads:
“Marcus Hutchins… a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.
The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015.”
Further reports stated that Hutchins’ co-defendant advertised the Kronos malware for sale on AlphaBay.
It should be remembered that AlphaBay was taken down by authorities last month after a series of sting operations that saw its alleged operator, Alexander Cazes, captured and jailed. Cazes, however, was reported to have taken his life inside his jail cell.
According to the indictment, the malware was sold two months after it was advertised online. However, it was not stated if the malware was also sold through AlphaBay.
Hutchins was arraigned on Thursday but made no statement in court except for a few words in response to basic questions from the judge.
If found guilty, Hutchins and his co-defendant could face up to 40 years in prison. Tor Ekeland, a U.S. lawyer who specializes in defending alleged cyber criminals, said:
“The maximum statutory sentence he could face is decades, roughly 40 years. Would he get that? I doubt it; it would be a bizarre outcome. Is it possible? It sure is.”
Ekeland further said that it would be ‘highly likely’ that Hutchins will be refused bail because he is not a U.S. citizen and could be deemed a flight risk.
Hutchins is scheduled to appear in court on Friday. If he pleads guilty, he might get a shorter prison sentence or be placed on supervised release. If he pleads not guilty, he will be moved by authorities to Wisconsin, where he will stand trial; the trial could start anywhere between three months and three years from now.
“The main thing to do now is enter a not guilty plea as soon as you can, get him out on bail, and then you’ve got some breathing room,” Ekeland said, while also adding:
“There’s not a single allegation that he made any money or anybody came to any harm from it. The indictment is very thin. It’s legally bizarre and there’s little detail.”
Hours after the arrest of Hutchins, it was also discovered that over $130,000 USD worth of Bitcoin ransom taken by the creators of WannaCry was moved within the Bitcoin network for the first time since the release of the malware. However, there is no concrete evidence that the withdrawals are connected to the arrest of Hutchins.
Hutchins is also known by his pseudonym MalwareTech, which he uses in his social media accounts and blogs.