‘WannaCry hero’ Marcus Hutchins will not be punished for his own malware past

Marcus ‘Malwaretech’ Hutchins, the security researcher who discovered the kill switch in WannaCry, will not receive further punishment for his own malware history. The judge finds his more recent past as a white hat and the time he has already been in prison sufficient.

In addition to time served, Hutchins will also be under surveillance for another year, ZDNet writes, and the Briton may not be allowed to enter the US in the future because of his criminal record. In addition to his move to white hat, it also worked in Hutchins’ favor that he pleaded guilty and repeatedly apologized to the users affected by the malware he had written. It concerns the Kronos malware and Upas Kit, which he wrote between 2012 and 2015.

Hutchins did criticize the FBI’s working methods: he was allegedly interrogated while intoxicated and suffering from sleep deprivation. The FBI also allegedly lied to him when he was arrested in 2017 about why he was being questioned.

Hutchins was the one who found the kill switch in the devastating WannaCry malware of 2017. The ransomware only did its job if it didn’t get a response to a request for a particular domain name. After Hutchins registered this name, WannaCry fell silent. The malware took advantage of the EternalBlue vulnerability. Incidentally, Microsoft and the US government warn that a similar vulnerability has been discovered and fixed, but that they should speed up installing that update.