UK Researcher Who Stopped WannaCry outbreak Arrested in U.S.

Security researcher Marcus Hutchins, 22, a British national who in May stopped an outbreak of the WannaCry ransomware, has been arrested and detained after attending the Def Con conference in Las Vegas. Hutchins was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends have confirmed.

A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role “in creating and distributing the Kronos banking Trojan.”

The indictment was dated July 11, about two weeks before he flew to the US to attend the annual security conference. The Justice Department has been after those involved with the notorious Kronos malware for more than two years.

Hutchins, also known as @MalwareTechBlog, stormed to fame after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware. Hutchins registered a domain name that stemmed the infection.

He was hailed as a hero for stopping the attack, which gripped UK hospitals and other major industries around the world.

White House homeland security adviser Thomas Bossert said “the best and the brightest are working on” tracking who was behind the ransomware cyberattack.

Michael Reynolds/European Pressphoto Agency

Security researchers have discovered digital clues in the malware used in last weekend’s global ransomware attack that might indicate North Korea is involved, although they caution the evidence is not conclusive.

An early version of the ‘‘WannaCry’’ ransomware that affected more than 150 countries and major businesses and organizations shares a portion of its code with a tool from a hacker group known as Lazarus, which researchers think is linked to the North Korean government.

John Bambenek, a research manager at Fidelis Cybersecurity, says, ‘‘This implies there is a common source for that code, which could mean that North Korean actors wrote ‘WannaCry’ or they both used the same third-party code.’’

White House homeland security adviser Thomas Bossert said Monday that investigators were still working to determine who was behind the attack. He said “the best and the brightest are working on” it.

Several security researchers studying ‘‘WannaCry’’ on Monday found evidence of possible connections to the crippling hack on Sony Pictures Entertainment in 2014, which the US government attributed to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.

However, Bambenek cautioned that the links are circumstantial. ‘‘It could be a freak coincidence,’’ he said. ‘‘The code in question is not a large portion of the overall WannaCry malware so it’s plausible that the attackers got it from somewhere else.’’

The spread of the WannaCry virus has slowed as new cyberdefenses have been put in place, and some eight to 10 U.S. entities, including a few in the health-care sector, reported possible ‘‘WannaCry’’ infections to the Department of Homeland Security, a US official said.

Factories, hospitals, and schools in China were disrupted by the attack, though the spread of the virus appeared to be slowing. State media said 29,000 institutions had been hit, along with hundreds of thousands of devices.

South Korea reported that just five companies were affected, including the country’s largest movie chain.

Researchers discovered a ‘‘kill switch’’ on the virus that stopped its spread from computer to computer, potentially saving tens of thousands of machines from further infection.

The ransomware program, which is spread through e-mail, encrypts computer files and then demands the bitcoin equivalent of $300 to unlock them.

The attack hobbled operations at Russia’s Interior Ministry, Spanish telecommunications giant Telefónica, and Britain’s National Health Service.