Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.
Foto: Lisa Brewster/Flickr
On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.
In May, WannaCry infected hospitals in the UK, a Spanish telecommunications company, and other targets in Russia, Turkey, Germany, Vietnam, and more. Marcus Hutchins, a researcher from cybersecurity firm Kryptos Logic, inadvertently stopped WannaCry in its tracks by registering a specific website domain included in the malware's code.
Hutchins was arrested for allegedly creating the Kronos banking malware.
Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.
The friend told Motherboard they "tried to visit him as soon as the detention centre opened but he had already been transferred out." Motherboard granted the source anonymity due to privacy concerns.
"I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," the person added. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."
A US Marshals spokesperson told Motherboard in an email, "my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody."
The FBI acknowledged a request for comment but did not provide one in time for publication.
Shortly before his arrest, Hutchins was in Las Vegas during Black Hat and Def Con, two annual hacking conferences.
"We are aware a UK national has been arrested but it's a matter for the authorities in the US," a spokesperson for the UK's National Crime Agency told Motherboard in an email.
A spokesperson from the UK's National Cyber Security Centre told Motherboard in an email, "We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further."
A UK Foreign Office spokesperson told Motherboard in an email, "We are in contact with the local authorities in Las Vegas following the arrest of a British man, and are providing support to his family."
Got a tip? You can contact this reporter securely on Signal at +44 20 8133 5190, OTR chat at email@example.com, or email firstname.lastname@example.org
Get six of our favorite Motherboard stories every day by signing up for our newsletter.