WannaCry Savior Marcus Hutchins Arrested By FBI For Kronos Trojan Misdeeds

No good deed goes unpunished. That could be the case for UK citizen Marcus Hutchins, who was arrested this week in Nevada by the Federal Bureau of Investigation (FBI). While the name Marcus Hutchins might not be familiar to you, you might recognize his Twitter handle, MalwareTech, and the Los Angeles-based security firm that he works for, Kryptos Logic. It was Hutchins who helped to thwart the initial outbreak of the WannaCry ransomware attack that rocked computer systems around the globe back in mid-May. By registering a domain that WannaCry was pinging, Hutchins effectively activated the ransomware’s kill switch, stopping it from propagating across networks.

Marcus Hutchins
Marcus Hutchins  - Credit NorthSec

However, the FBI was unconcerned with this good deed. Instead, the FBI arrested Hutchins for his alleged part in the Kronos banking malware which made the rounds for a one-year period between July 2014 and July 2015. The arrest took place in Las Vegas, where Hutchins was just about to board a plane to head back to the UK after attending the Black Hat and Def Con conferences.

He is accused of both creating and distributing Kronos with an unnamed coconspirator. According to the indictment [PDF], Hutchins and his partner peddled the trojan on the dark web and through the [now shuttered] AlphaBay marketplace. Kronos was oftentimes distributed using phishing emails and would lead unsuspecting computer users to fraudulent websites that while designed to look like legit banking institutions, would instead nab a user’s credentials in order to drain their accounts.

The FBI and other agencies have reportedly been on Hutchins’ trail for the past two years, and he just so happened to “land” in their laps with his visit to Nevada. As for UK authorities, they seem to be rather unconcerned about the situation, with a spokesperson for the country’s National Crime Agency writing in an email to Motherboard, “We are aware a UK national has been arrested but it's a matter for the authorities in the US.”


Via:  Motherboard
Show comments blog comments powered by Disqus