MAKES YOU WANNACRY
The WannaCry damage could have been much worse had it not been for the actions of one Marcus Hutchins (aka MalwareTech), a security researcher who noticed, while analysing a sample, that WannaCry tried to contact a hard-coded domain that nobody had registered.
Feeling inquisitive, he registered the domain and pointed it at a sinkhole, a server set up to log the connections the malware makes rather than to serve anything, which had the effect of neutering the malware. WannaCry ran that check before doing anything else: if the connection succeeded the malware simply exited, so a newly infected machine that could reach the sinkhole stopped before encrypting any files or scanning for further victims. In short, Hutchins had found a killswitch. The caveat is that the killswitch only helps a machine that can actually reach the domain: the check made a direct connection and ignored proxy settings, so hosts that could only get out through a proxy, or whose network blocked the domain, got no protection. That is also why blocking the killswitch domain on a firewall is exactly the wrong response.
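One practical consequence of the sinkhole is that every lookup of the killswitch domain in your own DNS logs is a host running the malware, whether or not the check succeeded. The script below is an added example, not code from the article or from MalwareTech: it scans constructed resolver log lines for queries to a placeholder domain (the real domain is not reproduced here) and separates hosts whose lookup resolved, which the killswitch stopped but which still need cleaning, from hosts that got NXDOMAIN before the domain existed, which most likely went on to encrypt and spread.

```python
import re

# Assumption: placeholder standing in for the real WannaCry killswitch domain,
# which this article does not reproduce.
KILLSWITCH_DOMAIN = "killswitch.example"

# Constructed sample resolver log: timestamp, client IP, queried name, rcode.
# Not real data; the format is an assumption for the example.
SAMPLE_LOG = """\
2017-05-12T10:02:11Z 10.1.4.22 killswitch.example NXDOMAIN
2017-05-12T10:02:12Z 10.1.4.22 update.microsoft.com NOERROR
2017-05-12T15:41:03Z 10.1.7.9 KILLSWITCH.EXAMPLE. NOERROR
2017-05-12T15:41:05Z 10.1.7.9 killswitch.example NOERROR
2017-05-12T16:00:00Z 10.1.2.3 www.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Split one log line into its four fields; return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, name, rcode = m.groups()
    # Normalise the name: DNS is case-insensitive and logs may keep the trailing dot.
    return {"ts": ts, "client": client, "name": name.lower().rstrip("."), "rcode": rcode}


def find_killswitch_lookups(log_text, domain=KILLSWITCH_DOMAIN):
    """Map each client that looked up the killswitch domain to a summary.

    'neutered' is True only when every lookup resolved (NOERROR), i.e. the
    malware's check succeeded and it exited. Any NXDOMAIN means the domain
    did not exist at the time, so the check failed and the host probably
    carried on encrypting and scanning. Either way the host is infected.
    """
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["name"] != domain.lower():
            continue
        entry = hits.setdefault(
            rec["client"], {"first_seen": rec["ts"], "count": 0, "neutered": True}
        )
        entry["count"] += 1
        if rec["rcode"] != "NOERROR":
            entry["neutered"] = False
    return hits


if __name__ == "__main__":
    for client, info in find_killswitch_lookups(SAMPLE_LOG).items():
        state = "stopped by killswitch" if info["neutered"] else "check FAILED, likely encrypted"
        print(f"{client}: first seen {info['first_seen']}, {info['count']} lookup(s), {state}")
```

Both kinds of host need isolating and cleaning; the difference is only in how urgently you should expect ransom notes and outbound SMB scanning from them.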
Further variants of WannaCry appeared in the aftermath, and mercifully killswitch domains were found and registered for these too. Hutchins became something of a hero overnight, which makes the next part of the story quite upsetting. In August 2017 he was in Las Vegas attending the Def Con hacker conference, and was arrested by the FBI on hacking charges relating to the Kronos banking trojan, to which he admitted contributing code as a teenager. In July 2019, having pleaded guilty, Hutchins was effectively granted his freedom: the judge sentenced him to time already served and even recommended he seek a pardon. This could have gone much worse for him; the plea deal he accepted carried a maximum of a decade in jail.
We’ve long commented that technology moves faster than the law can keep up with, and people doing security research have to walk a fine line. Part of that line is drawn by the Wassenaar Arrangement, a multilateral export-control agreement (not a binding treaty, so it constrains researchers only through the national regulations that implement it) under which participating nations agree to control the export of dual-use goods and technology. Since 2013 its control lists have included “intrusion software” and related tools, which is what brought offensive security tooling into scope.
The control-list language was amended in December 2017 to carve out vulnerability disclosure and incident response, activities that had previously risked putting researchers who shared tools or vulnerability details across borders on the wrong side of export rules.