WannaCry hero pleads guilty to developing banking malware

Marcus Hutchins, best known for his role in stopping the 2017 WannaCry ransomware attack, has pleaded guilty to two charges related to computer hacking conspiracy. The other eight charges will be dismissed as part of a plea deal first reported by ZDNet.

“I regret these actions and accept full responsibility for my mistakes,” Hutchins said in a statement on his website. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins drew universal praise from security professionals when he discovered the “kill switch” to the WannaCry ransomware in 2017, abruptly halting an attack that had locked down more than 75,000 computers across more than 150 countries. He was widely hailed as a hero for his role in containing the attack, which he had done entirely in his capacity as an independent researcher.

Just months after the WannaCry attack, Hutchins was arrested during the Def Con security conference in Las Vegas and charged with developing the Kronos banking trojan, which harvested logins and passwords in order to empty victims’ bank accounts. The case has proceeded slowly over the year and a half since the arrest, with many researchers unwilling to accept that Hutchins had played a role in the malware campaign.

Hutchins now faces up to five years in prison for each charge, as well as the possibility of financial penalties, depending on the judge’s sentencing.