WannaCry hero Marcus Hutchins awaits court appearance on malware charges.
No good deed goes unpunished, apparently, as news circulated late last week of hacker Marcus Hutchins’ arrest and detainment in Las Vegas. For those unfamiliar with the name, Hutchins is the young hacker who stumbled upon the solution for the WannaCry ransomware attack and put a stop to its spread.
WannaCry infected more than 300,000 computers around the globe at the height of its spread, impacting individuals, government agencies, the medical industry, and more. It demanded $300 in cryptocurrency in order to unlock the victim’s computer; at the time, one of the hardest hit victims was the UK’s NHS.
For his part, Hutchins uncovered a self-destruct button for WannaCry in May of this year. Rather than sit on the information or sell it to the highest bidder, he stepped up and made it available to unlock ransomed networks. His heroism can now cost him a possible forty year prison sentence, not for his WannaCry rescue, but for his association with a separate malicious software, Kronos.
Hutchins appeared at a tech event in Las Vegas where he was picked up by officials from the FBI. He and another unnamed person were arrested but the legal issues he faces are murky. Hutchins seemingly wrote the banking trojan software, and the other individual sold it to hackers. While legal experts have weighed in on the likelihood that Hutchins will actually receive the possible forty year sentence he could be given, others have argued that this is akin to arresting the gun manufacturer should a firearm be used in a murder case. That’s something the US gun lobby has blocked in civil suits, let alone criminal cases.
In an interesting twist, sometime after Hutchins’ arrest, the money victims paid to unlock WannaCry from their networks – which has sat untouched all this time – was drained from the accounts. The cryptocurrency totaled around $140,000.