Security expert who stopped WannaCry ransomware attack arrested by FBI

MalwareTech, the security researcher who stopped the spread of WannaCry ransomware, has been detained following a trip to DEF CON in Las Vegas.

A friend, who spoke to Motherboard under condition of anonymity, said,

I’ve spoken to the US Marshals again and they say they have no record of [MalwareTech] being in the system. At this point we’ve been trying to get in contact with [MalwareTech] for 18 hours and nobody knows where he’s been taken.

The friend added that, when they attempted to visit MalwareTech shortly after he was first detained, he’d already been moved. No one seems to know what he’s been charged with, if anything.

At time of writing, Andrew Mabbitt of Fidus Security said he’d located MalwareTech in the FBI field office in Nevada, and was hoping to get him a lawyer.

 Follow

Andrew Mabbitt @MabbsSec

Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?

6:48 PM - Aug 3, 2017

•  7272 Replies
 
•  776776 Retweets
 
•  737737 likes

Twitter Ads info and privacy

MalwareTech’s real name and personal information was revealed by British pressshortly after he figured out how to stop WannaCry. I’m still using his handle out of continued respect for his privacy.

But I have to wonder — would this have happened if they’d left him alone?

It’s been revealed that US prosecutors detained MalwareTech for allegedly making and selling banking malware known as Kronos. They claim he and a co-conspirator created the program between July 2014 and July 2015. You can read the full indictment here.