Felix Pergande - Fotolia

WannaCry hero due in court on malware charges

The Briton who played a key role in halting the global WannaCry ransomware attacks is due in court in the US to face charges in connection with the Kronos banking Trojan

Briton Marcus Hutchins is due in court on 8 August 2017 to face charges of helping to develop and maintain the password-stealing malware Kronos between July 2014 and July 2015.

The six-count indictment against Hutchins was filed on 12 July 2017, but made public only after his arrest, which comes after a two-year FBI investigation.

The 23-year-old from Ilfracombe in Devon, who is also known by his online handle of “MalwareTech”, was arrested on 4 August 2017 as he prepared to return to the UK from a security conference in Las Vegas.

The arrest came just weeks after Hutchins was hailed as a hero for discovering that WannaCry was connecting to an unregistered domain, which he then registered and took control of to stop the ransomware worm from spreading.

Although granted bail of $30,000, the security researcher who works for cyber security supplier Kryptos Logic, was forced to spend the weekend in jail because bail could not be paid before the court closed.

He was released on 7 August under strict bail conditions, including that he have no access to the internet, surrender his passport, and be place under 24-hour GPS monitoring.

At the weekend, Hutchins’s lawyer Adrian Lobo said her client would plead not guilty to all charges, although prosecutors reportedly claimed he had admitted to writing the Kronos code.

Read more about WannaCry

  • The National Crime Agency believes the recent WannaCry attacks represent a “signal moment” in terms of awareness of cyber attacks and their real-world impact.
  • Computers running Windows 7 accounted for the biggest proportion of machines infected with the WannaCry ransomware, while NHS suppliers are blamed for hampering patching by NHS trusts.
  • Security advisers are urging organisations to patch their Windows systems to avert a possible second wave of an unprecedented, indiscriminate ransomware attack.
  • A failure by many organisations to take cyber security seriously has long been blamed on the lack of a single significant event to shake things up.

According to the prosector Dan Cowhig, Hutchins and his unnamed co-defendant were caught in a sting operation by undercover officers, according to the Telegraph.

Cohig said other evidence includes chat logs between Hutchins and his co-defendant, who is reportedly still at large.

After his arrest, the cyber security research community rallied in support of Hutchins. His mother said his guilt was “highly unlikely” considering the “enormous amounts of time” he spent stopping cyber attacks.

Some supporters said the fact Hutchins asked on Twitter if anyone could provide a sample of Kronos, shortly after it was reported publicly in July 2014, also made his guilt seem unlikely.

Draining victims’ bank accounts

Kronos was designed to steal online banking credential to enable those behind the malware to drain victims’ bank accounts.

Since its creation, Kronos is thought to have stolen user credentials associated with banking systems in several countries, including the UK, Canada, Germany, Poland, France and India.

Analysis of the malware revealed that significant effort was put into equipping the malware to evade security tools used by enterprises and security researchers.

US authorities believe Kronos was first made available through certain internet forums in early 2014, and marketed and distributed through AlphaBay, a hidden service on the Tor network.

Although the Alphabay marketplace was shut down on 20 July 2017 in an international law enforcement effort led by the US, the indictment said Kronos presents an ongoing threat to privacy and security becasue the Kelihos botnet was observed loading Kronos on computers through an email phishing campaign in late 2016.

Read more on Hackers and cybercrime prevention