WannaCry ‘Hero’ Pleads Not Guilty To Kronos Malware Charges

The British security researcher who inadvertently stopped the global WannaCry ransomware campaign in May, has pleaded not guilty to charges in the US of developing and distributing the ‘Kronos’ banking malware.

Marcus Hutchins, otherwise known as ‘Malwaretech’ on social media, was arrested by the FBI on 2 August in Nevada, after he attended the Black Hat and Def Con hacking conference in Las Vegas

During a hearing in Milwaukee, Wisconsin, Marcus Hutchins rejected six charges relating to the Kronos malware and will now face trial in October. Friends and family raised his £23,000 bail, the terms of which forbade him from using a computer. That restriction has now been lifted.

Kronos malware

A second defendant is also included in the indictment, but their name has not been made public.

Essentially, the DoJ believes that Hutchins is responsible for the creation and distribution of Kronos on Internet forums.

This was a nasty piece of malware that was designed to steal banking login and other financial data from infected computers. It first came to prominence in 2014 after it posed as legitimate software in order to infect people’s computers.

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ...

Its creator boasted it could evade existing anti-virus software and said it worked with Internet Explorer, Firefox and Chrome web browsers. The creator also (unusually) promised to deliver free upgrades and bug fixes for the trojan, and even offered attackers a one week trial for $1,000.

Kronos resurfaced again in October 2015 after it reportedly attacked both British and Indian banking websites.

Then in May 2016 it hit customers of Canadian financial institutions, and last November Kronos was apparently being distributed in emails sent to financial service firms, hospitality businesses, as well as those companies operating in the higher education and healthcare industries.

It has been suggested by some that code written by Hutchins was ‘stolen’ and incorporated into Kronos.

If found guilty, Hutchins could be jailed for 40 years.

‘Hero’ Researcher

The fact that the FBI believes that Hutchins was responsible for this trojan has come as a surprise to many.

When the WannaCry ransowmware spread rapidly through computer systems around the world in May, it crippled huge swathes of NHS IT infrastructure. As the ransomware attack began to take hold, Hutchins obtained a sample of the malware from a fellow researcher.

Hutchins then tested the ransomware in a virtual environment and discovered it queried an unregistered domain. He had noted the malware was connecting to multiple IP addresses targeting a server message block (SMB) vulnerability.

He then registered the domain, an action which ultimately resulted in the botnet being terminated. Hutchins actions only emerged days after the first WannaCry attacks.

Quiz: What do you know about cyber security in 2017?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

3 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

3 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

3 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

3 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

3 days ago