WannaCry Kill Switch Researcher Faces New Hacking Charges

A man credited with helping to prevent the spread of WannaCry has been hit by more hacking charges in the US.

Marcus Hutchins, the “MalwareTech” researcher who helped to find a kill switch for the infamous ransomware, was arrested on his way home from a security conference last August.

At the time he was accused of helping to author the Kronos banking Trojan.

Now he’s been charged with also developing and distributing UPAS Kit, a "modular HTTP bot" designed to install on victims’ machines without alerting AV tools.

“UPAS Kit allowed for the unauthorized exfiltration of information from protected computers,” court documents claim. “UPAS Kit used a form grabber and web injects to intercept and collect personal information from a protected computer.”

In response to the new charges, Hutchins struck a typically dogmatic tone on Twitter.

“While this all sucks a lot, I can't stop laughing at the irony of the superseding indictment coming exactly on the 1 year anniversary of me receiving an award for stopping WannaCry,” he said.

“Wonder how long until I get indicted for conspiracy to commit jaywalking after my parents carried me while crossing the road in 1995.”

The cybersecurity researcher, who is unable to work whilst in the US but also unable to leave the country, is asking for more money to help support his legal case.

“Spend months and $100k fighting this case, then they go and reset the clock by adding even more bullshit charges like ‘lying to the FBI’,” he said.

WannaCry infected hundreds of thousands of computers in 150 countries around the world when it struck in May 2017, causing widespread damage to the NHS, where an estimated 19,000 appointments and operations were cancelled.

Experts believe the impact could have been far worse had the “kill switch” domain not been registered, effectively curtailing the worm.
