Marcus Hutchins (born 1994), also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack.
Hutchins, 15 years old at the time, successfully created an 8,000-computer botnet for HackForums by tricking BitTorrent users into running his fake files to take control of their machines.
[6] These activities included setting up "ghosted" web hosting for others on HackForums for "all illegal sites" except child porn, and creating custom malware, often based on evaluating how others' rootkits operated.
[6] Sales of UPAS Kit earned Hutchins thousands of dollars through bitcoin, allowing him to drop out of school and live a comfortable life, though he kept the nature of his work secret from his family.
[6] Vinny soon came back to Hutchins to ask him to write UPAS Kit 2.0, specifically adding keylogging and web inject for browser form pages.
[6] The new code was completed by June 2014, and as Vinny started selling it on the dark web he renamed UPAS Kit 2.0 to Kronos, after the mythological Greek Titan.
[6] The WannaCry ransomware attack had started around 12 May 2017; using an exploit in Microsoft Windows' Server Message Block, it quickly spread from its initial point of injection, believed to be in North Korea, to over 230,000 computers in 150 countries within the day.
[6][11] Hutchins and Kryptos, along with the UK's National Cyber Security Centre, spent the next several days protecting the honeypot servers from additional DDoS attacks, some restarted by ongoing Mirai botnets, to make sure the killswitch remained active while Microsoft and other security workers rushed to patch the exploit in the Server Message Block and issue the patch to end users.
[18] In this coverage, he kept his past quiet, simply stating that he got his job with Kryptos Logic based on his software skills and the MalwareTech blog hobby he developed during school.
[22] The FBI had obtained copies of his conversations with Randy from another dark web server seizure prior to AlphaBay to prove his connection to the software,[22] which he confessed to while being questioned.
[6] At his arraignment, he pleaded not guilty to the charges, and was put under house arrest in Los Angeles, initially with strict curfew limits and GPS monitoring, but these were lifted after a few months.
[6] In early 2018, the FBI began to negotiate with Hutchins as they desired information he had on Vinny and several other hackers that he knew, offering to reduce his sentence to a zero-prison term.
[25] On 19 April 2019, Hutchins pleaded guilty to two of the ten charges: conspiring to commit wire fraud, and distributing, selling, promoting, and advertising a device used to intercept electronic communications.
[29][6] According to a 2020 Wired profile, Hutchins stated that while he preferred to stay in Los Angeles, he expected that, following the year of supervised release, he would be deported back to the United Kingdom, as he had long overstayed his travel visa.