Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on August 3, 2017

FBI arrests security expert who stopped WannaCry ransomware attack (Updated)

FBI arrests security expert who stopped WannaCry ransomware attack (Updated)
Rachel Kaser
Story by

Rachel Kaser

Internet Culture Writer

Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback riding. Check her Twitter for curmudgeonly criticisms.

MalwareTech, the security researcher who stopped the spread of WannaCry ransomware, has been detained following a trip to DEF CON in Las Vegas.

A friend, who spoke to Motherboard under condition of anonymity, said,

I’ve spoken to the US Marshals again and they say they have no record of [MalwareTech] being in the system. At this point we’ve been trying to get in contact with [MalwareTech] for 18 hours and nobody knows where he’s been taken.

The friend added that, when they attempted to visit MalwareTech shortly after he was first detained, he’d already been moved. No one seems to know what he’s been charged with, if anything.

At time of writing, Andrew Mabbitt of Fidus Security said he’d located MalwareTech in the FBI field office in Nevada, and was hoping to get him a lawyer.

MalwareTech’s real name and personal information was revealed by British press shortly after he figured out how to stop WannaCry. I’m still using his handle out of continued respect for his privacy.

But I have to wonder — would this have happened if they’d left him alone?

Update 3pm CST: It’s been revealed that US prosecutors detained MalwareTech for allegedly making and selling banking malware known as Kronos. They claim he and a co-conspirator created the program between July 2014 and July 2015. You can read the full indictment here.