Marcus Hutchins, the cybersecurity researcher who disabled the WannaCry ransomware, was arrested in Las Vegas Wednesday, August 2 following a July 12 indictment on charges of creating, distributing, and profiting from a malware program that could seize credit card numbers and other banking information, Reuters reported Friday via nasdaq.com.

On Friday, Judge Nancy Koppe set Hutchins’ bail at $30,000 dollars. Though she dismissed prosecutors’ claims that the 23-year-old British citizen was a flight risk, she ordered him to surrender his passport. During his bail period, Hutchins will be denied computer use and internet access, and his location will be tracked via GPS.

Koppe’s ruling came just half an hour before the court clerk’s office was to close for the weekend, so Hutchins’ lawyers did not have enough time to prepare the paperwork necessary for his release. Hutchins remained in custody over the weekend, but his lawyer, Adrian Lobo, expects him to be released Monday.

According to Lobo (per Reuters), a “variety of sources” around the world are offering support to Hutchins, who she says was blindsided by the accusations. Reuters says many of Hutchins’ fellow cybersecurity researchers have “rallied to his defense,” saying they “[do] not believe he [has] ever engaged in cyber crime.”

Hutchins is credited with having discovered and implemented a “kill switch” that thwarted the WannaCry ransomware attack, which infected computer systems at a number of prominent businesses throughout the world in May. In less than a day, the malware infected 250,000 computers in more than 150 countries, according to a report by CNBC. Its victims included the National Health Services of England and Scotland, FedEx, Honda, the Chinese public security bureau, and a number of universities around the world.

“He’s dedicated his life to researching malware and not trying to harm people,” Lobo said of Hutchins, per The Telegraph. “Using the internet for good is what he’s done.”

The July 12 indictment, linked to in a report by Iain Thompson of Britain’s The Register, remained classified until Hutchins arrest at Vegas’ McCarran International Airport but was released to the public after Hutchins was in custody. Filed in the Eastern District Court of Wisconsin, it alleges six counts relating to the creation and distribution of the Kronos malware. 

Upon obtaining bail, Lobo told Reuters, Hutchins will fly to Wisconsin to deal with court proceedings relating to the indictment.

The indictment accuses a co-defendant, whose name has been redacted, along with Hutchins. Lobo denied knowledge of the co-defendant’s identity, Reuters says.

According to Thompson, the indictment alleges that the co-defendant posted an instructional video describing how to use the malware and has sold or offered to sell the program for prices ranging from $2,000 to $3,000. The document further charges that Hutchins himself willfully sold the malware code in the US on June 11, 2015.

Thompson cites a July 2015 report by The Register that indicates Kronos was fetching prices as high as $7,000 dollars, making it one of the more expensive malware products available.

The high price reflects the sophistication of Kronos: the virus could bypass antivirus software and encrypt the commands inputted by its users. Moreover, potential buyers were offered a trial period prior to purchase.

The malware, which was active between July 2014 and July 2015, according to Reuters, specifically targeted Windows machines, infiltrating Internet Explorer, Firefox, and Google Chrome to steal victims’ banking information.

Lobo, per Reuters, says Hutchins is “doing well, considering what’s gone on.” He will plead not guilty to all charges. Prosecutors say he has admitted to crafting and selling Kronos, and claim to have records of chat logs between him and the co-defendant in which Hutchins discusses a transaction concerning the malware, according to The Telegraph.

However, The Register’s Thompson points out that “grand juries are indictment-issuing machines,” and that “there appears to be nothing concrete [to link] Hutchins to the Russian-language forum posts that advertised Kronos back in 2014.”

On July 13, 2014, the same day that the aforementioned Kronos help video was posted, Hutchins requested a sample of Kronos via Twitter, perhaps so that he could work to combat the malware. One may wonder why Hutchins would ask for a sample of a program he himself developed.

Hutchins was relatively unknown prior to his widely publicized thwarting of WannaCry in May. That story rocketed him to global heroism. If he is convicted in connection with the Kronos charges, he could plummet to global notoriety.

Featured image via Pexels