Marcus Hutchins, the 22-year-old British security researcher who recently gained fame for discovering the kill switch that stopped the outbreak of the WannaCry ransomware, has reportedly been arrested in the United States.
Marcus Hutchins operates under the alias MalwareTech on Twitter. His recent arrest has been a topic of much speculation, since it was initially unclear why he was detained.
Hutchins recently came into the spotlight when the WannaCry ransomware began hitting businesses, organisations and individuals across the world, and he accidentally halted its global spread by registering a domain name hidden in the malware.
WannaCry turned into a massive malware attack, crippling healthcare and government services in many countries as well as affecting the production and manufacturing industry. The attack amassed a total of around $140,000, a meager amount compared to how widespread the attack had become.
The attack saw many security researchers try to stall its enormous rise. Hutchins’ “kill-switch” approach finally provided a solution.
While the randomly typed-out domain (hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com) remained unregistered, the ransomware kept propagating: whenever a connection to this domain failed, the SMB worm proceeded to infect the system. Hutchins employed a sinkhole tactic by simply registering the domain, thereby stopping further infections.
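As an added example (not from the original article or from any tool it mentions), the sketch below uses the kill-switch domain as an indicator: it scans DNS query logs for hosts that looked it up and separates failed lookups from resolved ones. The log format, IP addresses and verdict names are assumptions, and the DNS outcome is only a proxy for the connection check described above.

```python
import re
from collections import defaultdict

# Kill-switch domain from the article, kept defanged and refanged at run time.
KILL_SWITCH_DEFANGED = "hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com"

# Hypothetical verdict labels used by this example.
FAILED = "lookup-failed"      # check likely failed: worm would have proceeded
RESOLVED = "lookup-resolved"  # check likely succeeded, but the sample still ran

def refang(indicator):
    """Turn a defanged URL or hostname into a bare lowercase hostname."""
    s = indicator.replace("[.]", ".").lower()
    s = re.sub(r"^[a-z]+://", "", s)  # drop the scheme (http, hxxp, ...)
    return s.split("/")[0].rstrip(".")

# Constructed sample log. Assumed format: "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 www.example.com. NOERROR
2017-05-13T08:01:44Z 10.0.7.3 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM NOERROR
2017-05-13T08:02:10Z 10.0.4.17 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
malformed line
"""

def triage(log_text, indicator=KILL_SWITCH_DEFANGED):
    """Map each client that queried the kill-switch domain to a verdict."""
    domain = refang(indicator)
    seen = defaultdict(set)  # client_ip -> response codes observed
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing root dot.
        if qname.lower().rstrip(".") == domain:
            seen[client].add(rcode.upper())
    verdicts = {}
    for client, rcodes in seen.items():
        # One failed lookup is enough: the host ran the worm at a time when
        # its kill-switch check could not succeed.
        verdicts[client] = FAILED if rcodes - {"NOERROR"} else RESOLVED
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```

Every host in the output executed the sample, so both verdicts warrant investigation; the failed-lookup group is the priority for isolation.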
The news of the arrest, confirmed by a friend, Andrew Mabbitt, who sought legal help, coincided with reports of a massive cash-out from the Bitcoin wallets where the WannaCry ransoms were deposited.
Amid speculation, a spokesperson from the U.S. Department of Justice clarified the reason behind the arrest. Hutchins has been arrested by the FBI for “his role in creating and distributing the Kronos banking Trojan” between 2014 and 2015.
Kronos malware was distributed via emails with malicious attachments containing compromised Microsoft Word documents. It was used to hijack credentials such as banking passwords to let attackers steal money with ease.
In 2014, the Kronos banking malware was made available for purchase in a Russian underground forum for a price tag of $7,000, with even an option for users to test the malware for a week before buying it. Last year this banking Trojan resurfaced in a 2015 campaign for distributing point-of-sale (POS) malware dubbed ScanPOS as the secondary payload.
Hutchins has been accused of six counts of hacking-related crimes, along with an unnamed co-defendant allegedly involved in the development of Kronos malware.
More information regarding the arrest and Hutchins’ role in creating the Kronos malware is expected to emerge soon.