Security Researcher Who Stopped WannaCry Avoids Jail Time

The 25-year-old Marcus Hutchins was sentenced to one year of supervised release for his past involvement in creating a separate malware strain known as Kronos. In 2017, Hutchins famously activated a kill switch to the WannaCry ransomware attack.

The researcher who helped stop the WannaCry ransomware outbreak will avoid jail time for his past involvement in creating a separate malware strain known as Kronos.

On Friday, a US federal court in Wisconsin sentenced the 25-year-old Marcus Hutchins to one year of supervised release, according to TechCrunch.

“Sentenced to time served!” Hutchins tweeted after the ruling. “Incredibly thankful for the understanding and leniency of the judge.”

Hutchins, who is also known as “MalwareTech,” famously pulled the plug on 2017’s WannaCry outbreak, which infected 300,000 vulnerable Windows machines across the world. Hutchins was able to inadvertently order the attack to stand down by activating a kill switch built into the destructive ransomware strain, which the US has since blamed on North Korea.

The UK-based security researcher was celebrated for his actions. However, months later the US arrested Hutchins in Las Vegas on charges that he created a separate malware strain known as Kronos from between 2012 to 2015, before he was hired as a researcher by the cybersecurity firm Kryptos Logic.

According to federal investigators, Hutchins created Kronos to steal people’s online banking credentials and sold the malware in underground hacking forums. As evidence, the FBI said it had obtained chat logs that showed his involvement in creating the malware strain, which is still in use to this day and may have hit thousands of machines.

Hutchins initially denied the charges, but eventually he entered into a guilty plea for his involvement in creating the malware. “I regret these actions and accept full responsibility for my mistakes,” he said in a posting this April. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

At today’s sentencing, the presiding judge took into account Hutchins’ age at the time he created the malware, and credited him for “turning a corner” in his life, according to TechCrunch.