Expert who stopped 'WannaCrypt' outbreak held in cyber fraud in US

NEW YORK:

Ironic as it may read but a cybersecurity researcher who was hailed as a hero after he discovered a 'kill switch' that put brakes on the fast-spreading 'WannaCry" ransomware in May has been arrested in the US for cyber fraud.

The Federal Bureau of Investigation (FBI) arrested 23-year-old Briton Marcus Hutchins, who runs a security blog called MalwareTech, in Las Vegas for "his role in creating and distributing the Kronos banking trojan virus", a Department of Justice spokesperson was quoted as saying in media reports late on Thursday.

According to a report in Los Angels Times, Hutchins is described as "having created, maintained and marketed the Kronos banking Trojan from July 2014 to July 2015".

The trojan virus stole credentials and personal information and put malicious code on victims' computers.

The Eastern District of Wisconsin returned a six-count indictment against Hutchins on July 12. It was unsealed at the time of his arrest.

Hutchins was regarded a hero when he helped slow the spread of ransomware called "WannaCry" that was locking files on computers around the world and unlocking them for a ransom of $300.

Hundreds of thousands of computers were infected with the malware. The damage forced some hospitals in the UK to turn patients away, and crippled businesses worldwide.

Hutchins, who is also malware researcher at the Kryptos Logic security firm, created a 'kill switch' that prevented the spread of the virus.

Hutchins' arrest as he was attending a hackers' conference in Las Vegas has stirred a fierce debate on social media with his defenders saying that "law enforcement may have misinterpreted actions Hutchins took to find a way to protect against Kronos". 

Kronos was first made available online in early 2014, including on AlphaBay -- a secret marketplace for buying drugs and other illicit items. 

"FireEye observed Kronos being advertised on an established Russian cyber criminal forum by the actor "VinnyK" in June 2014. Kronos has been used in a variety of malicious activities and infected diverse organisations," John Miller, Senior Manager of Analysis, FireEye, told IANS. 

The allegations that the author of this malware has been arrested could discourage malicious actors from continuing to use it," Miller added.

According to media reports, Hutchins may have been unmasked during the AlphaBay investigation.

"When federal agents took down the service, they came into possession of its electronic records and may have been able to trace who was behind Kronos' creation," the report said.