You are here

Man who stopped a global cyberattack pleads guilty in US to writing malware


A BRITISH security researcher who was hailed as a hero for helping to stop a global "ransomware" cyberattack in 2017 has pleaded guilty to charges in the United States of writing malicious software in a separate case.

The researcher, Marcus Hutchins, was arrested at the Las Vegas airport in 2017, as he was on his way back to Britain from a conference.

"As you may be aware, I've pleaded guilty to two charges related to writing malware in the years prior to my career in security," said Hutchins, known online as MalwareTech, in a statement on his website on Friday. "I regret these actions and accept full responsibility for my mistakes."

Hutchins faces up to five years in prison and US$250,000 in fines for each of the charges, according to US court documents.

Your feedback is important to us

Tell us what you think. Email us at

In February, a US judge refused an application from Hutchins to suppress a statement he made at the Las Vegas Airport after his arrest, when he said he had been intoxicated, the BBC reported.

In 2017, a federal grand jury in the US returned a six-count indictment against Hutchins. The indictment said Hutchins, then 23, and an unidentified accomplice conspired to create and sell malware intended to steal login information and other financial data from online banking sites.

A version of the program, known as Kronos banking Trojan and created by Hutchins, was sold by the accomplice for US$2,000 in June 2015, the indictment said. But the document did not include details of how widely the malware was used.

The government has said it will move to dismiss the remaining charges in exchange for Hutchins's guilty plea.

The global cyberattack that Hutchins helped to stop disrupted Britain's National Health Service and hundreds of other organisations worldwide, spreading to more than 70 countries. It used a variant of WannaCry, a piece of malicious software that locks victims out of their systems and demands ransoms. Hutchins was credited with disabling it.

In a blog post at the time, Hutchins explained that he had noticed the malicious software trying to contact a particular Internet address, discovered the address was unregistered and bought it, which turned out to trigger a "kill switch" in the software.

In his statement on Friday about his work as a security researcher, Hutchins said: "Having grown up, I've since been using the same skills that I misused several years ago for constructive purposes.

"I will continue to devote my time to keeping people safe from malware attacks," he added. NYTIMES

BT is now on Telegram!

For daily updates on weekdays and specially selected content for the weekend. Subscribe to