The security researcher who is credited with helping stop the WannaCry ransomware attack in 2017, Marcus Hutchins, was sentenced to time served and a year of supervised release this week after he pleaded guilty to unrelated malware charges earlier this year.
“Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally,” the British researcher tweeted Friday afternoon. He further thanked his team of lawyers, who he said represented him pro bono.
Hutchins was arrested in Las Vegas in 2017 just months after WannaCry on federal charges of creating the Kronos malware, which can be used to steal banking information. He was hit with four additional charges in a superseding indictment last year, bringing the total number of charges against him to 10.
Hutchins faced up to 10 years in prison and potentially hundreds of thousands of dollars in fines for creating and selling the malware. He accepted a plea agreement in April, for which eight of 10 charges were dropped.
“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Hutchins said in a statement at the time. “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
In the time since WannaCry, Hutchins has positioned himself as a respected researcher in the cybersecurity field. According to TechCrunch, Judge J.P. Stadtmueller took his recent work into account and said that it will “take the people like [Hutchins] with your skills to come up with solutions because that’s the only way we’re going to eliminate this entire subject of the woefully inadequate security protocols.”