FBI arrests WannaCry hero for alleged role in Kronos malware🕵

Marcus Hutchins, who goes by the name “Malwaretech” online, was arrested on six counts on Wednesday as he tried to fly home from Las Vegas, where he was attending the cyber security conferences Black Hat and Def Con.

Marcus Hutchins was hailed as a hero after he discovered a so-called “kill switch” in the WannaCry ransomware that spread through multinationals and the UK’s National Health Service in May. This stopped the spread of the malicious software, which was rendering computers unusable until victims paid a ransom.

Marcus Hutchins is charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavouring to intercept electronic communications and one count of attempting to access a computer without authorisation. The charges were the result of a two-year long investigation by the FBI Cyber Crime Task in Milwaukee.

While major players like Zeus, Gozi, Citadel and other advanced financial malware dominate the malware threat landscape, newcomers and challengers always try to get a share of the cyber crime market. One such new malware that was recently made available for purchase in a Russian underground forum is the Kronos malware. With a $7,000 price tag, this malware offers multiple modules for evading detection and analysis as well as an option to test the malware for a week prior to buying it.

Kronos malware downloaded from email attachments left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

The indictment alleges that the unidentified co-defendant advertised the Kronos malware on AlphaBay, a dark web marketplace that international authorities took offline last month. Investigators said the site allowed anonymous users to facilitate global trade in drugs, firearms, hacking tools and other illicit goods.

The Justice Department said Kronos was used to steal banking systems credentials in Canada, Germany, Poland, France, the United Kingdom and other countries.

Within the cyber security community, Hutchins was heralded as a folk hero for his apparent role in stopping the WannaCry attack, which infected hundreds of thousands of computers and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.

A Justice Department official said his arrest was unrelated to WannaCry.

Some security researchers and computer crime experts said they were skeptical of the charges against Hutchins.