Marcus Hutchins, the 25-year-old security researcher who was instrumental in stopping WannaCry, has been spared from serving any additional jail time for his role in creating the Kronos banking trojan.
Hutchins, also known by the handle MalwareTech, was sentenced on Friday by a US District Judge, after pleading guilty to two out of ten charges relating to the development and distribution of the Kronos malware. The British researcher was sentenced to time served, with a year of supervised release. The maximum sentence included up to ten years imprisonment, as well as substantial fines.
Under US Federal law, a supervised release consists of a period following a prisoner's incarceration during which they must continue to check in with a probation officer to ensure good conduct. While Hutchins only served a few days of jail time immediately following his 2017 arrest, he has been forced to remain in the US under house arrest until the conclusion of his trial.
The judge ruled that Hutchins is not required to remain in the US as part of his supervised release, meaning that he is free to return to the UK. However, Hutchins has publicly expressed his worry that he will not be permitted to return to the US following his sentencing, effectively cutting him off from major security events including Black Hat USA, DefCon and RSA Conference.
As part of his closing statements, the judge praised Hutchins' actions during the WannaCry outbreak, as well as his resilience during the course of the trial and his actions in recent years helping to stop cybercriminals. Prosecutors also credited his guilty plea and willingness to take responsibility for his previous actions.
Following the sentencing, Hutchins tweeted messages of thanks to his supporters, who have donated to legal funds and contributed letters of character support to the case. He also thanked his lawyers, who he said represented him pro bono. He said that after "things settle down", he aims to return his focus to educating people about cyber security.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Podcast transcript: What did we learn from WannaCry?IT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: What did we learn from WannaCry?IT Pro Podcast Five years on, WannaCry still remains one of the most impactful security incidents in recent memory
-
Over two-thirds of companies still run software with WannaCry flawNews Four years have passed, and many systems still need patching
-
US charges three North Koreans for Sony Pictures, WannaCry attacksNews The men are said to have been responsible for a $1.3 billion hacking spree
-
Tenable declares there are far worse security threats to fear than zero-day exploitsNews ‘If you’re scared of zero-days, you don’t know what you’re talking about’ claims Tenable
-
Spanish Ryuk ransomware attack hints at new WannaCryNews Ryuk ransomware continues to be a big problem for businesses with reports of attacks on Spanish organisations
-
What is WannaCry?
In-depth The full story behind one of the worst ransomware outbreaks in history
-
Exploits for Windows BlueKeep vulnerability commercially availableNews The issue has been dubbed 'the next WannaCry' and now attackers can have a copy of their own, for a price
