US detains researcher who stopped WannaCry outbreak

  • Liam Tung (CSO Online)
  • 04 August, 2017 03:55

US authorities have detained the British security researcher who is credited with stopping the spread of the WannaCry ransomware outbreak in May. 

The researcher, Marcus Hutchins, known on Twitter as MalwareTech, was reportedly taken by US authorities to a detention center in Nevada early on Thursday. 

Hutchins has been hailed as a hero for having minimized, albeit accidentally, the impact of WannaCry ransomware on US organizations after it swept across Europe, creating havoc for the UK’s NHS.

The researcher halted the spread of WannaCry ransomware in May by registering a domain name used by the unknown operators of the malware. That provided a so-called “kill switch” that stopped the malware from infecting more computers. 

WannaCry infected around 200,000 computers in 150 countries, significantly more than the recent NotPetya malware outbreak, which hit several global firms and caused hundreds of millions worth of damage.

At the time of his detention, Hutchins was returning to the UK after attending the Black Hat and DefCon security conferences in Las Vegas, where he had been regularly posting updates about his travels. The researcher appeared to have been received warmly by attendees.

Hutchins' detention was first reported by Vice’s Motherboard today. The publication noted he had been transferred from the Henderson Detention Center in Nevada to an unknown facility.

The US Justice Department has indicted Hutchins for his alleged role in creating and distributing the Kronos banking trojan, according to The Verge, which notes the indictment mostly concerns an unnamed co-conspirator who sold the trojan on underground forums and posted instructions on YouTube for how to use it. Kronos was discovered in July 2014.

Hutchins’ friend, Andrew Mabbitt, a UK security researcher also in Las Vegas for the conferences, confirmed his detention, noting Hutchins had no legal representation at present and that an effort was underway to provide it.

News of Hutchins' arrest followed reports on Wednesday that someone had withdrawn about $140,000 from the Bitcoin wallets that were used to collect payments from victims of the May WannaCry attack. 

Hutchins has written about his efforts to create a Windows bootkit in 2014 under the title "Coding Malware for Fun and Not for Profit (Because that would be illegal)".