An IT security researcher going by the Twitter handle of @MalwareTechBlog (real name Marcus Hutchins) has been detained by the law enforcement authorities in the United States. Hutchins, who is visiting States to attend Defcon, one of the world’s largest hacker conventions in Las Vegas, Nevada was arrested for unknown reasons
Hutchins is the researcher who “saved” the world from dangerous WannaCry ransomware by halting its attack after he identified the domain used by the cyber criminals behind the campaign in May 2017.The ransomware targeted more than 200,000 Windows based devices around the world.
The attack was so sophisticated and dangerous that after almost three months have passed FedEx announced that their computer systems are still suffering the aftermath of it. It must be noted that the first target of WannaCry ransomware attack was Britain’s NHS (National Health Service) in which its computer system was compromised by attacks demanding $300 in Bitcoin.
t was due to Hutchins who identified the kill switch for the attack and slowed it down from spreading saving numerous unsuspecting users from falling for the attack. However, right now he has been detained for unknown reasons.
According to Joseph Cox of MotherBoard who reported the incident first; he had a conversation with one of Hutchins friends in the United States who told him that:
“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point, we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”
I can confirm @MalwareTechBlog was detained yesterday and FBI/US Marshalls won't tell me where he is. https://t.co/lV5SxZjsRi
— Andrew Mabbitt (@MabbsSec) August 3, 2017
Furthermore, a spokesperson for the US Marshals told MotherBoard that “this was an FBI arrest.”
Hutchins is very active on Twitter but a look at his account shows two tweets and a retweet were posted 21 hours ago. It is unclear what’s going on since there has been no update from FBI on their social media or website.
Though I will be really butthurt if they changed the C2 protocol so my emulator doesn't work anymore.
— Marcus Hutchins (@MalwareTechBlog) August 2, 2017