Hero to villain: Security researcher responsible for stopping WannaCry pleads guilty to malicious hacking charges

“You either die a hero, or you live long enough to see yourself become the villain.”

Marcus Hutchins, the security analyst that discovered the kill-switch that stopped the WannaCry ransomware attack, has fulfilled the meme-worthy quote from The Dark Knight. Hutchins pleaded guilty to two charges filed against him for writing malware used in a bank hacking scheme.

Hutchins was arrested in 2017 and charged with aiding the creation of the Kronos banking trojan, a piece of malware that scraped user login credentials for certain banks’ websites. Hutchins was released on bail in Los Angeles around the time of his arrest and had been waiting for an appearance in court.

In court documents obtained by ZDNet, Hutchins pleaded guilty to two counts of violating U.S. Code §1030, which deals with fraud and related activities in connection with computers. The U.S. government is dismissing eight other counts filed against Hutchins as a part of the plea. Each count carries with it a maximum penalty of five years in jail, a one-year supervised release, and a fine of $250,000.

Hutchins was taken into custody shortly after being hailed as a hero of the information security (InfoSec) community. Hutchins was cheered for discovering the embedded kill-switch for the WannaCry ransomware that plagued tens of thousands of computers. One of the largest victims of WannaCry was the British National Health Service, who praised Hutchins for his work in dismantling the malware that held several NHS systems hostage.