WannaCry ransomware hero won’t go to prison for creating banking malware

Posted at 3:59 PM, Jul 26, 2019
and last updated 2019-07-27 13:09:10-04

Marcus Hutchins, the British cybersecurity researcher who gained notoriety for stopping a destructive worldwide virus before being arrested by the FBI on hacking charges, won’t face additional prison time, a judge ruled Friday.

Hutchins became a national hero under his pseudonym in May 2017, when the North Korean WannaCry worm, which locks computers and finds ways to seek out others to infect, wrecked computers around the world. Working from his parents’ house, Hutchins discovered a kill switch to stop WannaCry, halting its spread.

The attack cost the UK’s National Health Service, which was heavily infected, an estimated £92 million ($114 million) alone.

Just three months later, while visiting Las Vegas during hacking conference DEF CON, the FBI arrested and jailed Hutchins. They claimed he helped create Kronos, a less-known malware designed to steal the credentials used to log into bank accounts.

Since then, Hutchins has had to stay in Los Angeles while he awaited the ruling in his case. He initially denied the charges, but in April he admitted his role in Kronos and took a plea deal, the terms of which stipulated that all but two counts would be dropped.

Hutchins is a beloved figure for many in the information security community and received an outpouring of character letters vouching for him.

U.S. District Judge J.P. Stadtmueller, who oversaw the case, “recognized Marcus’ important contributions to society and sentenced him to time served, even suggesting Marcus should seek a pardon,” Hutchins’s lawyer, Marcia Hofmann, tweeted.

Hutchins, who posts as @MalwareTech on Twitter, expressed his thanks to his supporters after the ruling.