WannaCry hero Marcus Hutchins avoids prison in banking malware case


TS Addict
Staff member

The British security researcher who is known for being the "accidental hero" that stopped the WannaCry ransomware hack in 2017 has managed to dodge a potential 10-year prison sentence for creating and selling banking malware.

For those of you who haven't followed his story, the 25 year-old who's been sentenced to supervised release actually has a dark past. Before he managed to single-handedly stop a dangerous piece of ransomware by registering a domain as a kill switch, Hutchins was already under scrutiny for a couple of banking trojans he had been coding between July 2012 and September 2015.

Soon after becoming an internet sensation for stoping the spread of WannaCry, his fortunes changed when the FBI arrested him in Las Vegas on charges that he had developed and sold a malware called Kronos. He didn't admit to it at the time, but federal prosecutors had enough phone evidence to force him into a plea deal. And sure enough, in April this year he came clean to his role in developing the malware, which also earned him a free pass on eight other charges.

The two banking trojans Hutchins developed are UPAS Kit and Kronos, which was essentially a more potent version of the former. Both worked in a way that allowed them to steal data from online forms, and could also give an attacker ability to remotely control the infected PC.

J.P. Stadmueller, the presiding Judge on the case, gave him credit for turning his life around and noted that people like Hutchins are essential because of their ability to "come up with solutions because that’s the only way we’re going to eliminate this entire subject of the woefully inadequate security protocols."

Still, the British malware researcher might not be able to return to the U.S., but that doesn't seem to bother him in the slightest. He's now looking to continue his contributions to security research, which is a happy ending to all his legal troubles.

Permalink to story.


Hardware Geek

TS Addict
Of course he wants to help people. He got caught selling a program designed to steal data. If he didn't "want to help people", he would be in prison.
  • Like
Reactions: psycros

Uncle Al

TS Evangelist
While I would agree with the Judge I would also have liked to see him sentenced to a "life time of surveillance" to insure he didn't slip back into his old habits. His kind of criminal will be forever dangerous because of what he knows and more importantly for how he knows to apply it ....