Security Researcher Who Stopped WannaCry Ransomware Arrested In US

The security researcher who was responsible for stopping the spread of the WannaCry ransomware attack in May has been arrested and detained by United States law enforcement, Motherboard reported.

Marcus Hutchins a 23-year-old British national better known by his Twitter handle MalwareTechBlog, was arrested at the Las Vegas airport Wednesday after traveling to city for the Black Hat security conference, also known as Def Con.

Read: NSA Hacking Tools Used In WannaCry Global Ransomware Attack Targeting Hospitals, Banks And Tech Companies

A friend of Hutchins told ZDNet the researcher was taken into custody by U.S. Marshals after passing through a security checkpoint. He was briefly held at Henderson Detention Center, a federal facility in Nevada, but has since been moved.

It is believed that Hutchins was taken to a Federal Bureau of Investigation (FBI) field office located in the state. Motherboard first reported on his arrest Thursday.

A CNN report, citing an indictment from the U.S. Department of Justice, Hutchins was arrested for his apparent role in creating and distributing the Kronos banking trojan, a malicious piece of software used to steal banking credentials. The indictment accuses Hutchins of creating the malware in 2014. Another defendent, whose name is redacted, is accused of advertising and selling the malware on dark web marketplaces.

According to the indictment, Kronos was first made publicly available on July 13, 2014. On that very day, Hutchins posted on Twitter asking others in the security research community if they had a sample of the malware to examine.

"My colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody,” a spokesperson for the U.S. Marshals told Motherboard. The FBI has not yet commented on the apparent arrest.

Law enforcement in the United Kingdom have not provided any additional details regarding the arrest. A spokesperson for the UK National Crime Agency said the arrest was a “matter for the authorities in the US” and the UK's National Cyber Security Centre said it would be inappropriate to comment further" on a law enforcement matter.

Read: WannaCry Ransomware Update: $143,000 Withdrawn From Ransom Wallets

Hutchins is best known for his role in stopping the spread of the WannaCry ransomware attack that hit hundreds of thousands of machines earlier this year. Hutchins, a researcher at cybersecurity firm Kryptos Logic, discovered a killswitch within the malicious attack.

The security researcher found a domain listed within the code of WannaCry that, when registered, would stop the software from spreading. Hutchins registered that domain and brought the attack to a sudden halt.

The outbreak of WannaCry outbreak started in May and spread quickly through computer systems, hitting everything from major corporations to hospitals and even traffic cameras. The attack caused significant disruptions in the operations of organizations and individuals.

The attack is believed to have hit more than one million machines in total in more than 150 countries. WannaCry encrypted vital files on an infected machine and demanded a $300 ransom in order to decrypt the information and return access to the victim.

WannaCry spread by making use of a Microsoft Windows exploit known as EternalBlue. The exploit—along with a number of other potentially damaging means of propagation for an attack—were initially developed by the U.S. National Security Agency (NSA) and made public after they were stolen by an anonymous group of hackers known as the Shadow Brokers.

The NSA disclosed the method of attack to Microsoft after the agency learned the exploits were stolen. Microsoft released a patch for the Eternal Blue vulnerability in March for current operating systems and issued an emergency patch for the exploit on outdated machines in May as WannaCry began spreading.