According to reports, Marcus Hutchins, a British security researcher who prevented the spread of WannaCry ransomware, issued a statement today admitting that he had written malware before becoming a malware researcher. Hutchins wrote in the statement:
“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
Court documents show that Hutchins pleaded guilty to the manufacture and distribution of malware, and assisted and abetted him in distributing the two counts. The government agreed to waive the other eight charges. For each of these charges, Hutchins may face up to five years in prison, as well as a fine of up to $250,000, plus a one-year supervised release.
Hutchins developed both Kronos and UPAS-Kit Trojan viruses for banks and participated in online promotion and sales of the malware “Vinny”, “VinnyK” and “Aurora123”. These things happened between July 2012 and September 2015, after which Hutchins became a talented security researcher.
At the Las Vegas International Airport in August 2017, Hutchins was arrested by the US authorities when he planned to return to the UK after attending the Black Hat and DEFCON security conferences. Hutchins was released on bail and he lived in Los Angeles while he was awaiting trial.