MalwareTech, the security researcher who stopped the spread of WannaCry ransomware, has been detained following a trip to DEF CON in Las Vegas.
A friend, who spoke to Motherboard under condition of anonymity, said,
I’ve spoken to the US Marshals again and they say they have no record of [MalwareTech] being in the system. At this point we’ve been trying to get in contact with [MalwareTech] for 18 hours and nobody knows where he’s been taken.
The friend added that, when they attempted to visit MalwareTech shortly after he was first detained, he’d already been moved. No one seems to know what he’s been charged with, if anything.
At time of writing, Andrew Mabbitt of Fidus Security said he’d located MalwareTech in the FBI field office in Nevada, and was hoping to get him a lawyer.
Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?
— Andrew Mabbitt (@MabbsSec) August 3, 2017
MalwareTech’s real name and personal information was revealed by British press shortly after he figured out how to stop WannaCry. I’m still using his handle out of continued respect for his privacy.
But I have to wonder — would this have happened if they’d left him alone?
Update 3pm CST: It’s been revealed that US prosecutors detained MalwareTech for allegedly making and selling banking malware known as Kronos. They claim he and a co-conspirator created the program between July 2014 and July 2015. You can read the full indictment here.