FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware

Marcus-Hutchins-Arrested-by-FBI

The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware—has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas.


Marcus Hutchins, operates under the alias MalwareTech on Twitter, was detained by the FBI in the state of Nevada, a friend of Hutchins confirmed Motherboard.


At the time of writing, it is unclear why the Internet's 'accidental hero' has been detained by the FBI, but his arrest has sparked an endless debate in the security community.

Hutchins became famous over two months ago when the WannaCry ransomware began hitting businesses, organisations and individuals across the world, and he accidentally halted its global spread by registering a domain name hidden in the malware.

hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

The domain as mentioned above was responsible for keeping WannaCry ransomware propagating and spreading like a worm, and if the connection to this domain fails, the SMB worm proceeds to infect the system.


Fortunately, Hutchins registered this domain in question and created a sinkhole–tactic researchers use to redirect traffic from the infected machines to a self-controlled system.


Hutchins is quite active on Twitter, but from last 24 hours, we have not seen any tweet from his account, which suggests the reports are likely correct.


Andrew Mabbitt, Hutchins’s friend has confirmed that he has currently been detained at FBI’s field office in Las Vegas. His friend is also asking for some legal help.
"His friends Andrew Mabbitt, Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?" Mabbitt tweeted.
Just today, in a separate news we reported that the hackers behind WannaCry cashed out over $140,000 from their Bitcoins wallets, where victims were instructed to send ransom payments.


Since both news came on the same day, some people have started making conspiracy theories about the involvement of both the events, though nothing is clear at this moment.

WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor's surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more.


Even a month after its outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company, forcing its Japan-based factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia.


The British National Crime Agency has confirmed an arrest of a British citizen but hasn't confirmed it is Hutchins.
"We are aware a UK national has been arrested, but it’s a matter for the authorities in the US," an NCA's spokesperson told the publication.

Update: Marcus Hutchins Accused for Creating Banking Malware

According to a spokesperson from the U.S. Department of Justice Hutchins has been arrested by the FBI for "his role in creating and distributing the Kronos banking Trojan" between 2014-2015.


Kronos malware was distributed via emails with malicious attachments containing compromised Microsoft word documents and used to hijack credentials such as banking passwords to let attackers steal money with ease.


According to Hutchins indictment, shown below, he has been accused of six counts of hacking-related crimes along with another unnamed co-defendant allegedly involved in the development of Kronos malware.


In 2014, the Kronos banking malware was made available for purchase in a Russian underground forum for a price tag of $7,000, with even an option for users to test the malware for a week before buying it.


Last year researchers also discovered that this banking Trojan was used in 2015 campaign for distributing point-of-sale (POS) malware dubbed ScanPOS as the secondary payload.


Story is in developing...Stay Tune!

Comments