The FBI has arrested Marcus Hutchins, the British security researcher that stopped the WannaCry ransomeware attack, for allegedly being a part of a software attack on banking accounts. The Guardian reported:

According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015.

The Kronos malware was spread through emails with malicious attachments such as compromised Microsoft word documents, and hijacks credentials like internet banking passwords to let its user steal money with ease.

Authorities picked up Hutchins as he prepared to leave Las Vegas where he attended the DEF CON hacking conference.

A personal of Hutchins spoke to Motherboard:

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

The friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.” Motherboard granted the source anonymity due to privacy concerns.

“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”

The UK’s National Crime Agency and National Cyber Security Centre confirmed to Motherboard that officials are aware of the situation.

WannaCry Hero

In May, the WannaCry ransomware hit 150 countries, including Britain’s National Health Service and closed some ERs for awhile.

Ransomware locks up your computer until you pay a ransom for the decryption key.

The Hill describes how Hutchins saved the day:

Hutchins analyzed WannaCry and noticed that the ransomware tried to contact a nonexistent website. If WannaCry received no response from the website, it continued with its infection. Otherwise, it gave up.
This was an apparent test to see if the ransomware was being analyzed by a researcher using a program that provides a safe enclosure for malware, known as a sandbox. Sandboxes will feed malware fake websites when it tries to access the web to limit its contact with the real world. If WannaCry received a web page when it contacted the nonexistent site, it reasoned that it was being studied by a researcher and stopped cooperating.

Hutchins registered the site, causing it to respond to the web requests and making WannaCry believe that every new infection was inside the sandbox.

Hutchins received “a special recognition award at cybersecurity celebration SC Awards Europe” for his work. WannaCry hit 1 million computers, but without Hutchins the damage could have spread to 10-15 million.