FBI arrests researcher that stopped ‘WannaCry’ for allegedly creating Kronos banking trojan

Marcus Hutchins, 23, was arrested for his alleged role in creating the Kronos banking trojan.
SamSam ransomware

A cybersecurity researcher known for helping stop the global spread of “WannaCry” ransomware was arrested and charged by the FBI on Wednesday for “his role in creating and distributing the Kronos banking trojan,” according to a spokesperson from the U.S. Department of Justice.

Marcus Hutchins, 23, is currently in custody at the Las Vegas FBI Field Office, according to sources close to him. Hutchins created and distributed the malware, according to the indictment, first obtained by CNN Money. The charges, brought by a grand jury in the Eastern District of Wisconsin, relate to alleged conduct between July 2014 and July 2015.

According to the indictment, Hutchins allegedly created and updated the Kronos trojan while another unidentified person sold the malicious software online. Kronos was sold on the dark web marketplace AlphaBay and other cybercrime forums. Variants of Kronos have sold for as much as $7,000. The malware is still in use. When it first appeared online in 2014, Kronos was designed to steal log-in credentials and other financial information from online banking websites that are accessible via Internet Explorer, Mozilla Firefox and Google Chrome.


AlphaBay was taken down by law enforcement last month as part of an international cybercrime bust; leading to the arrest of multiple administrators for the website. It’s unclear whether the investigation into AlphaBay provided U.S. law enforcement with the information necessary to charge Hutchins.

Hutchins faces a six-count indictment that include counts of conspiracy to commit computer fraud and abuse, distributing and advertising a electronic communications interception device, and an attempt to access a computer without authorization.

In May, Hutchins was hailed as a hero after he found and activated a ‘kill switch’ in the code of WannaCry, stopping the virus from spreading further across the globe. WannaCry infected critical infrastructure including hospitals, telecommunications companies and universities across over 150 countries, including the United Kingdom, Turkey, Spain, Russia, Germany, Vietnam and the United States. If not for Hutchins’ contribution, WannaCry could have infected a larger number of systems across the globe.

Hutchins currently employed as a security researcher with Kryptos Logic, a private cybersecurity firm based in the U.S. Family and friends have not been able to speak with Hutchins since he was arrested, Vice’s MotherBoard first reported.

You can read the full indictment below:


[documentcloud url=”” responsive=true sidebar=false text=false pdf=false]

Latest Podcasts