Malware researcher Marcus Hutchins, who became famous for finding a kill switch in the WannaCry ransomware software in 2017, has been
sentenced to a year of supervised release. He was charged with producing and selling a banking malware called Kronos and the UPAS kit, another backdoor malware.
Accidental Hacker Hero Stopped the Spread of WannaCry
Hutchins, a 25-year-old British citizen, was arrested in Las Vegas where he was attending the Def Con conference in August 2017. He was taken into custody by federal marshals while boarding a flight back to the UK, for allegedly developing a malware called Kronos. The malware in question reportedly stole user credentials from web browsers used on infected systems.
The young
security researcher was bailed out on a bond of $30,000 and has been living in Los Angeles ever since. Prosecutors claimed that he generated a few thousand dollars by selling Kronos. Since the arrest, however, Hutchins attempted to turn his life around, even live-streaming his work and making efforts to protect users from security threats. Prosecutors commented on this point in a sentencing memo filed with the court, stating that Hutchins has “made a good decision to turn his talents toward more positive ends.”
Four months earlier, Hutchins was hailed as a hero for stopping the spread of ransomware WannaCry dead in its tracks. The program infected computers globally, and demanded users to pay a ransom for their data in Bitcoin. Those that did not comply were threatened with the deletion of their files. Hutchins became a hero when he registered a particular domain name that acted as a kill switch and stopped the ransomware from spreading.
American, British and Australian intelligence agencies traced the ransomware to North Korea. WannaCry caused billions of dollars in damages, with the UK’s National Health Service (NHS) being one of the
hardest hits. It reportedly forced doctors to turn away patients and close down emergency rooms.
Bitcoin Being Used in Ransomware
Cybercriminals have popularly
used Bitcoin as a form of payment in ransomware. Compared to the traditional banking system, cryptocurrencies afford criminals more anonymity. However, because of the transparent nature of the Bitcoin blockchain, anyone can also watch the ransom money being transferred from address to address.
This makes converting ransomware money into physical currency harder for developers of malware. A single transaction to a cryptocurrency exchange, for instance, can reveal the criminal’s identity. Law enforcement agencies have used this point of weakness to catch criminals several times already.
Some of the most damaging instances of ransomware include CryptoWall and CryptoLocker, each gathering over 5,300 BTC and 1,400 BTC in ransom respectively. While WannaCry gathered huge media attention because it spread so widely, it only received about 47 BTC in ransom. Earlier this year, another
ransomware named Ryuk was spotted in China, which demanded a ransom of 11 BTC for each infected computer.
Do you think ransomware attacks will become less common in the future due to Bitcoin’s somewhat reduced anonymity as compared to a few years ago? Let us know your thoughts in the comments below.