Security expert who stopped WannaCry malware pleads not guilty to Kronos crime

ransomware
pwstudio/123RF

Cybersecurity researcher Marcus Hutchins on Monday pleaded not guilty in a United States court to charges of creating and distributing the Kronos malware that targeted online banking customers more than two years ago.

Earlier this month, the 23-year-old Brit was taken off a U.K.-bound flight shortly before it left Las Vegas and charged with six hacking-related offenses in connection with Kronos.

The story received widespread coverage as Hutchins had been hailed a hero just a few months earlier for preventing the spread of another piece of highly damaging malware that for several days caused havoc around the world.

Outside the Milwaukee, Wisconsin courthouse where Hutchins appeared on Monday, his attorney Marcia Hofmann described him as a “brilliant young man,” adding, “He’s going to vigorously defend himself against these charges and when the evidence comes to light, we are confident he will be fully vindicated.” If he’s not, the researcher could be handed a prison sentence of up to 40 years.

Posting on Twitter for the first time since his arrest, Hutchins, who is currently on bail ahead of his October trial, said he wanted to thank a lot of people for the “amazing support” they’d shown.

The Brit is accused of crimes related to the Kronos malware that infected PCs via malicious email attachments and allowed hackers to steal people’s login credentials for online banking.

The allegations, which cover the period between July 2014 and July 2015, include the charge that Hutchins helped to create and distribute Kronos in places such as hacker forums on the dark web.

The U.S. Department of Justice confirmed in a statement that Hutchins “was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.”

Hutchins’ mother told the Press Association soon after his arrest that it was extremely unlikely her son had broken the law as he put so much work into preventing computer-related crime.

WannaCry hero

Hutchins was hailed a hero by cybersecurity experts around the world in May after he single-handedly ended the global spread of damaging ransomware known as WannaCry.

The ransomware first came to light on May 12, blocking access to computer systems belonging to major businesses and organizations around the world, among them the U.K.’s National Health Service and Spanish telecommunications giant Telefonica.

As WannaCry began to spread across the globe over the following days, Hutchins, working from his bedroom in southwest England, found a way to prevent the ransomware from causing further damage after examining its code. You can read his detailed account of the episode on his blog.

According to the Guardian, the Brit has been working remotely for LA-based Kryptos Logic, a cybersecurity company that offered him a job in 2016 after being impressed by his tech blog.

Update: Marcus Hutchins pleads not guilty in a U.S. court.