Marcus Hutchins, the hero who helped stop the WannaCry ransomware attack which crippled much of Western Europe, including the NHS’ computer systems, isn’t going to jail.
At a sentencing heading in Milwaukee, a federal judge sentenced the British security expert to time served. He was also given one year of supervised release, although he is free to return to the United Kingdom. No fines were imposed.
Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally.
— MalwareTech (@MalwareTechBlog) July 26, 2019
Hutchins is regarded as one of the world’s foremost experts on malware, and was credited for halting the rampage of WannaCry, which is believed to be a creation of the secretive North Korean government in an attempt to gain funds. But in a previous life, he was a shadowy malware developer, who helped create the Kronos banking trojan.
It’s a happy ending for Hutchins, who also goes by the moniker MalwareTech. The researcher had been trapped in the US since 2017 while his trial unfurled, after he was arrested in Las Vegas while trying to board a flight back to the UK. His arrest came shortly after he was doxxed by the UK media.
Prosecutors, who argued for a harsher sentence, are unlikely to be happy, however. In a sentencing to Judge Stadtmueller, they wrote:
“Like a man who spent years robbing banks and then one day came to realize that was wrong, and even worked to design better security systems, he deserves credit for his epiphany, but he still bears responsibility for what he did.”
In April of this year, Hutchins agreed to a plea deal with the US government where he accepted two charges against him, in exchange for prosecutors dropping the other eight charges. The two remaining charges each came with potential penalties of $250,000 in fines, plus up to five years in prison.
After spending some time on house arrest in Milwaukee, Hutchins was permitted to relocate to Los Angeles, where he tweeted about the difficulties in adjusting to a new life, and the frustrations of living in a legal limbo.
Hutchins has also expressed sincere contrition for his previous work in the shadier side of the hacking world. In a public statement released on his blog earlier this year, he wrote that he accepted full responsibility for his actions.
“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks,” he said.
Hopefully I can work on finding some way to come back to the US. But until then, back to work!
— MalwareTech (@MalwareTechBlog) July 26, 2019
Although his conviction will likely prevent Hutchins from returning to the country he has called home for the past two years, at least he’ll be able to return to normality. And we’re glad. Everyone makes mistakes, but in adulthood, Hutchins led a spotless life, helping to thwart the attacks he once helped create. It would be a WannaCry-ing shame (sorry) if he was stuck in a jail cell, instead of doing his very important work.
Get the TNW newsletter
Get the most important tech news in your inbox each week.