Security Researcher Who Thwarted WannaCry Ransomware Pleads Guilty to Malware Development and Distribution

The security researcher who identified and activated the kill switch in WannaCry ransomware in 2017 and played a critical role in stopping the global attacks has pleaded guilty to helping to develop and distribute banking Trojans.

Marcus Hutchins (aka MalwareTech) was initially called a hero for his role in blocking the WannaCry attacks in May 2017; however, in August of the same year, he was arrested by the FBI in the United States after attending the Black Hat and Def Con security conferences in Las Vegas.

Hutchins, 24, of Devon, England, was accused of helping to develop and distribute the Kronos banking Trojan and other malware. Initially, he pleaded not guilty and claimed he would fight the charges, but he confirmed on Friday that he has changed his mind and has now pleaded guilty to two counts of developing and distributing malicious software.

Kronos captures sensitive information which can be used to gain access to bank accounts. Hutchins was also accused of helping to develop another similar malware variant called UPAS-Kit. He has not been charged with personally using or selling the malware.

As part of the guilty plea, the prosecutors have dropped eight additional counts. Faced with those additional charges, the cost of mounting a legal defense, and the potential fine and jail time had his defense failed and he was found guilty, it is no surprise that Hutchins changed his plea.

Each of the charges carries a maximum sentence of 5 years in jail, a fine of $250,000, and up to one year of supervised release. It may also be necessary for restitution to be paid to victims.

Sentencing guidelines have not yet been issued, but his fast action to stop the WannaCry attacks and his work as a white hat hacker in recent years may well be taken into consideration. Hutchins was accused of developing the malware between 2012 and 2015, and during part of that period he was a minor, which may also be taken into consideration when deciding his sentence.

How much jail time Hutchins will serve remains to be seen. In the United States, unlike many other countries, prosecutors often seek the maximum possible sentence in an attempt to deter other young hackers.

Since being arrested, Hutchins has remained in the United States and has been working for the security consultancy firm Kryptos Logic reverse engineering malware – Helping to prevent and block even more attacks.

While Hutchins is now using his skills for constructive purposes to keep people safe from malware attacks, in the past he admitted misusing his skills. “I regret these actions and accept full responsibility for my mistakes,” said Hutchins in his blog post.

It could be argued that to be a good white hat hacker you need to spend some time being a black hat hacker, although Hutchins poits out that is not the case. “There’s misconception that to be a security expert you must dabble in the dark side. It’s not true. You can learn everything you need to know legally. Stick to the good side,” he said.

It is currently unclear when Hutchins will be sentenced.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of