WannaCry hero gets bail; pleading not guilty over Kronos malware

WannaCry hero gets bail; plans to plead not guilty over Kronos malware

As you might know, 23-year-old Marcus Hutchins (@MalwareTechBlog on Twitter) who once made the news for stopping WannaCry ransomware attack was arrested by the FBI in Las Vagas while he was attending the BlackHat and DefCon hackers conferences. 

The bureau charged him with developing and distributing Kronos banking malware and stealing banking details of the user in the United States. Now, Hutchins has been granted bail for $30,000 on conditions that he will not leave the country and must use a GPS monitor.

Hutchins is due to appear in court on 8 August where he plans to plead not guilty. However, if found guilty, Hutchins could face 40 years in a US prison. In a media talk, his defense attorney Adrian Lobo said that Hutchins’s friends are raising money for his bond so he can be released on Monday.

“We intend to fight the case – “He has dedicated his life to researching malware, not to trying to harm people,” said Lobo.


Tor Ekeland, a US-based lawyer who deals with alleged online criminals, said that: “The maximum statutory sentence he could face is decades, roughly 40 years – Would he get that? I doubt it; it would be a bizarre outcome. Is it possible? It sure is.”

Listen to Ekeland explaining why Hutchins’  indictment is both scary and bizarre:

According to the US Department of Justice indictment, Hutchins was accused of developing the Kronos banking trojan back in July 2014. Along with Hutchins, the authorities have also charged another unknown person who they believed worked with Hutchins on the Kronos project. 

In one of his Tweets from July 2014; it can be seen that Hutchins is asking for the sample of Kronos malware. BBC, on the other hand, reported that US prosecutors say Hutchins has admitted to creating Kronos malware that harvests bank details.


Remember, Hutchins is known globally as the hero who saved them from the nasty WannaCry ransomware attack by identifying and buying its kill switch domain. The attack infected more than 200,000 Windows based computers in more than 100 countries.

The attack was so strong that FedEx announced a couple of weeks ago that their computer system is still suffering the aftermath of the attack. While last month, traffic cameras in Australia and Honda Motors plant in Japan were infected with the ransomware forcing their system to go offline.

What’s worrisome is that according to a Tweet from Matthieu Suiche, a security researcher who identified second kill switch for WannaCry has confirmed that the FBI has seized the first kill switch owned by Hutchins. 

It is unclear why the FBI had seized the kill switch and didn’t touch his offline Malwaretech.

Related Posts