AIPodify

Darknet Diaries

Meet the Guy Who Accidentally Stopped the World's Most Dangerous Ransomware Ep. 158 MalwareTech

Episode Summary

AI-generated · Mar 2026

AI-generated summary — may contain inaccuracies. Not a substitute for the full episode or professional advice.

This episode features a rare, in-depth interview with Marcus Hutchins, known online as MalwareTech, the once-anonymous security researcher who famously and accidentally stopped the global WannaCry ransomware attack in 2017. Host Jack Rhysider, who spent years trying to get Hutchins on the show, walks through the full story from the moment Hutchins stumbled upon WannaCry to its unexpected, life-altering aftermath. The central thesis explores the complex, often contradictory consequences of accidental heroism, the loss of anonymity, and the unforgiving nature of the US federal justice system toward past mistakes.

The story begins in early 2017, with MalwareTech, a then-anonymous security researcher in Devon, UK, specializing in reverse-engineering botnet malware to monitor C2 infrastructure. He recounts how the WannaCry ransomware, believed to have been developed by North Korea using the NSA's leaked EternalBlue exploit, began crippling UK hospitals. MalwareTech quickly recognized its wormable nature, a first for ransomware at the time [09:59]. While analyzing the malware, he found an unregistered domain in its code, which he registered, thinking it was a command-and-control server. Unbeknownst to him, this domain was a kill switch, and activating it suddenly halted the global spread of WannaCry [12:15].

His anonymity was shattered when The Daily Telegraph, identifying him as Marcus Hutchins, published his real name and address [15:47], followed by The Daily Mail publishing his photo under the headline 'Surf dude saves the day' [18:38]. This newfound fame brought immense public attention, including scrutiny from foreign intelligence agencies [20:02]. Just three months after WannaCry, while returning from Defcon in Las Vegas, Hutchins was detained by the FBI at McCarran Airport [29:40]. The agents confronted him with compiled code for Kronos malware [33:51], a banking Trojan he had developed in his late teens under duress, forcing him to reckon with his past as a malware writer.

Hutchins faced bizarre federal charges like "conspiracy to commit wiretapping" [49:37] and "conspiracy to commit computer hacking," as the US has no direct law against writing malware. Despite initially deciding to fight the case, the immense stress of the two-year federal process led him to plead guilty [57:09]. Miraculously, due to pro bono legal aid from Marcia Hofmann and Brian Klein, and overwhelming support from the hacker community (who posted his $30,000 cash bail [44:24]), the judge sentenced him to "time served" [59:18]. The judge explicitly cited Hutchins' self-rehabilitation and his actions in stopping WannaCry as reasons for the lenient sentence [61:30], revealing the profound and unexpected role his heroism played in his legal outcome. Listeners walk away with a stark understanding of the personal cost of online actions, the intricate workings of cybercrime investigations, and the unexpected twists of fate that can shape a life in the digital age.

👤 Who Should Listen

  • Cybersecurity professionals and enthusiasts interested in the WannaCry incident and its aftermath.
  • Anyone curious about the personal stories of prominent hackers and security researchers.
  • Individuals interested in the intricacies and challenges of the US federal justice system regarding cybercrime.
  • Those concerned with digital privacy and the implications of losing anonymity online.
  • Aspiring security researchers and malware analysts considering the ethical boundaries of their work.

🔑 Key Takeaways

  1. Marcus Hutchins, known as MalwareTech, accidentally stopped the 2017 WannaCry ransomware attack by registering an unregistered domain within its code, unknowingly activating a kill switch [12:15].
  2. WannaCry was a wormable ransomware, meaning it could spread autonomously without user interaction, a novel and dangerous characteristic at the time [09:59].
  3. The ransomware was believed to originate from North Korea, leveraging the NSA's leaked EternalBlue exploit, and was poorly designed, making files largely unrecoverable even if victims paid the ransom [07:56].
  4. Hutchins' heroism led to the immediate loss of his anonymity as a security researcher, with media outlets publishing his real name, address, and photos against his wishes [15:47].
  5. His past involvement in developing the Kronos banking malware as a teenager led to his arrest by the FBI in the US, where he faced obscure charges like conspiracy to commit wiretapping due to the lack of direct laws against malware creation [49:37].
  6. The stress and duration of the US federal justice system were so severe that Hutchins stated he would have preferred a year or two in jail over the two-year legal battle [63:07].
  7. The judge's decision to sentence Hutchins to "time served" was heavily influenced by his act of stopping WannaCry, his self-rehabilitation, and strong support from the cybersecurity community [61:30].
  8. The hacker community, including Tarah Wheeler and Deviant Ollam, played a crucial role in supporting Hutchins by raising $30,000 for his cash bail [44:24] and securing pro bono legal representation.

💡 Key Concepts Explained

WannaCry Ransomware

A devastating, wormable ransomware attack that rapidly spread globally in 2017, encrypting computers and demanding Bitcoin. It's attributed to North Korea and used the NSA's leaked EternalBlue exploit, making it uniquely dangerous because it spread without user interaction and often rendered files unrecoverable even after ransom payment [09:59].

WannaCry Kill Switch

An unregistered domain embedded in the WannaCry malware's code. Before continuing its infection process, the malware checked whether this domain was reachable; as long as the domain stayed unregistered, the check failed and the malware carried on spreading. MalwareTech accidentally activated this 'kill switch' by registering the domain, causing the malware to cease spreading [12:15].
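As an added example (not from the episode or this page): once a domain pulled from a sample is registered and pointed at a web server that logs requests, every hit is a host whose check succeeded, which is how a researcher monitors a sinkholed domain. The script below triages such a log; the domain name and the log lines are constructed placeholders, and the log format is assumed to be Common Log Format.

```python
"""Triage the access log of a sinkholed kill-switch domain (added example).

Assumptions, none from the episode: the domain pulled from the sample has
been registered and pointed at a plain HTTP server writing Common Log
Format lines; SINKHOLE_DOMAIN is a placeholder, not the real domain.
"""
import re
from collections import Counter
from datetime import datetime

SINKHOLE_DOMAIN = "killswitch-domain.example"  # placeholder, constructed
# One Common Log Format line with referer and user-agent fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log, with one corrupt line the triage must skip.
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2017:15:02:11 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
198.51.100.7 - - [12/May/2017:15:02:14 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
203.0.113.5 - - [12/May/2017:15:10:40 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
this line is corrupt and must be skipped
192.0.2.9 - - [12/May/2017:16:00:01 +0000] "GET / HTTP/1.1" 200 0 "-" "-"
""".splitlines()

def parse_line(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def triage(lines):
    """Map each source IP to its first contact and count hits per hour.

    A hit means that host reached the domain, so its check succeeded and
    that copy halted; hosts that never resolved the domain never show up.
    """
    first_seen, per_hour = {}, Counter()
    for rec in filter(None, map(parse_line, lines)):
        first_seen.setdefault(rec["ip"], rec["ts"])
        per_hour[rec["ts"].strftime("%Y-%m-%d %H:00")] += 1
    return first_seen, per_hour

if __name__ == "__main__":
    seen, hourly = triage(SAMPLE_LOG)
    print(f"{len(seen)} distinct hosts reached {SINKHOLE_DOMAIN}:", dict(hourly))
```

The hit count only measures machines that could reach the domain; a host whose outbound HTTP is blocked fails the check exactly as if the domain were still unregistered, so it is absent from the log even though it is infected.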

EternalBlue Exploit

An exploit for a Windows vulnerability, developed by the NSA, which then lost control of it to the Shadow Brokers. North Korea subsequently used this exploit to power the rapid, wormable spread of the WannaCry ransomware [06:24].

Kronos Malware

A devastating banking malware designed to gain access to victims' bank accounts and siphon funds. Marcus Hutchins (MalwareTech) admitted to developing a component of this malware as a teenager, which later led to his arrest by the FBI [34:58].

Time Served

A legal term for a sentence that equates to the time a defendant has already spent in custody or under other restrictions related to their case. In Marcus Hutchins' case, it meant he received no additional jail time, with the judge deeming his two years of legal battle and his actions against WannaCry as sufficient 'punishment' [59:18].

⚡ Actionable Takeaways

  • Prioritize protecting your anonymity online, especially if your work involves sensitive or controversial topics, as seen with MalwareTech's rapid unmasking by the press [15:47].
  • Be aware of the legal nuances and potential interpretations of your online activities, as US law can charge malware creation under broad statutes like wiretapping conspiracy rather than direct malware laws [49:37].
  • Seek immediate legal counsel if detained or questioned by law enforcement, understanding that initial friendly questioning can be a tactic to gather information before charges are made [32:46].
  • Cultivate a supportive professional community, as collective action and mutual aid from the hacker community significantly assisted Marcus Hutchins in his legal battle [44:24].
  • Understand that past actions, even those intended to be 'not super harmful,' can have significant long-term legal repercussions, underscoring the importance of ethical considerations in all development work [34:58].
  • If facing legal challenges, explore pro bono legal options or community fundraising, as these can be critical in navigating complex and costly federal cases [53:51].

⏱ Timeline Breakdown

02:05 MalwareTech introduces himself as an anonymous security researcher.
05:21 WannaCry ransomware begins infecting British hospitals.
06:24 Discussion of WannaCry's origin (NSA's EternalBlue, Shadow Brokers, North Korea).
09:59 MalwareTech realizes WannaCry is wormable ransomware, not spread via phishing.
11:35 MalwareTech discovers and registers the kill switch domain in WannaCry's code.
12:15 MalwareTech accidentally stops WannaCry by activating its kill switch.
13:41 Public realizes MalwareTech activated the kill switch, but some suspect he wrote the malware.
15:47 Media (The Daily Telegraph) reveals Marcus Hutchins' real name and address.
18:38 The Daily Mail publishes his photo with 'Surf dude saves the day' headline.
20:02 Foreign intelligence agencies express suspicion and interest in Marcus.
24:15 Marcus attends Defcon 2017, experiencing overwhelming public attention.
29:40 FBI detains Marcus at McCarran Airport.
33:51 FBI shows Marcus compiled Kronos malware code, revealing the reason for his arrest.
34:58 Marcus admits to starting as a malware writer and developing Kronos as a teenager.
39:10 Marcus describes being held overnight in Las Vegas jail.
44:24 Tarah Wheeler and Deviant Ollam post his $30,000 cash bail.
45:25 Marcus is stuck in the US, unable to leave or work due to bail conditions and visa status.
46:30 His lawyers successfully argue for him to move to Los Angeles.
49:37 Explanation of the obscure charges (conspiracy to commit wiretapping) he faced.
52:48 Marcus decides to fight the case, perceiving the FBI's motive as leverage.
53:51 Marcia Hofmann and Brian Klein take his case pro bono.
57:09 Marcus pleads guilty after two years due to the immense stress of the federal case.
59:18 Judge sentences Marcus to 'time served.'
61:30 The judge's rationale for sentencing, citing Marcus's rehabilitation and WannaCry actions.
63:27 Marcus reflects on how WannaCry, despite initial trauma, ultimately saved him from a longer sentence.

💬 Notable Quotes

"I didn’t think anyone had ever made wormable ransomware before. I was like, this ransomware spreads from computer to computer, completely unaided." [09:59]
"The domain was a kill switch." [12:15]
"So, as far as a lot of law enforcement and intelligence agencies are concerned at the time being, I am the one who created WannaCry." [14:47]
"If I could have taken a year or two in jail instead of going through all of that stress, I would have taken it." [63:07]
