Marcus Hutchins and the WannaCry Kill Switch

Unlikely hero makes for an interesting story

Shane Brown

8/11/2025 · 1 min read

A Global Crisis

On May 12, 2017, the WannaCry ransomware outbreak began.
Within hours, it infected over 200,000 computers in 150+ countries.
Hospitals in the UK’s NHS turned patients away. Emergency rooms shut down. Critical systems froze.

The ransomware used EternalBlue, a stolen NSA exploit leaked by The Shadow Brokers. It spread through unpatched Windows systems, encrypted files, and demanded $300 in Bitcoin.

The 22 Year Old Who Stopped It

Marcus Hutchins, a security researcher from Devon, England, was home when he saw NHS systems going offline across the UK.
He downloaded a sample of the malware for analysis.

Inside the code, he saw it trying to connect to a long, random domain. It was unregistered.
He registered it for $10.69.

That single action triggered a hidden kill switch. The ransomware stopped spreading at 15:03 UTC—just over seven hours after it began.
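A defender-side triage of DNS resolver logs for the kill-switch lookup described above, as an added example that is not part of the original post. The domain is a placeholder (the post does not give it), and the log format, addresses and sample lines are constructed.

```python
# Placeholder, not the real indicator: the post does not give the domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log: "<UTC time> <client IP> <queried name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T14:41:07Z 10.1.4.23 killswitch-placeholder.example NXDOMAIN
2017-05-12T14:41:09Z 10.1.4.23 www.example.org NOERROR
2017-05-12T15:10:44Z 10.1.7.80 KILLSWITCH-PLACEHOLDER.EXAMPLE. NOERROR
2017-05-12T15:12:02Z 10.1.4.23 killswitch-placeholder.example NOERROR
2017-05-12T15:20:31Z 10.1.9.5 killswitch-placeholder.example SERVFAIL
malformed line
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Summarise, per client IP, every lookup of the kill-switch domain."""
    hosts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, name, rcode = parts
        # DNS names are case-insensitive and may carry a trailing root dot.
        if name.lower().rstrip(".") != domain:
            continue
        h = hosts.setdefault(
            client,
            {"first_seen": ts, "last_seen": ts, "queries": 0, "unresolved": 0},
        )
        # ISO 8601 UTC timestamps of equal length sort correctly as strings.
        h["first_seen"] = min(h["first_seen"], ts)
        h["last_seen"] = max(h["last_seen"], ts)
        h["queries"] += 1
        if rcode != "NOERROR":
            h["unresolved"] += 1
    for h in hosts.values():
        # A lookup suggests the sample ran on that host. If a lookup failed,
        # the connection could not have succeeded on that run, so the kill
        # switch cannot have stopped it: isolate that host first.
        h["priority"] = "isolate" if h["unresolved"] else "clean up"
    return hosts


if __name__ == "__main__":
    for ip, summary in sorted(triage(SAMPLE_LOG).items()):
        print(ip, summary)
```

Hosts marked "clean up" still ran the sample and need remediation; the label only reflects that their lookups resolved.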

Why He Found It

Hutchins’ work focused on tracking botnets by registering unclaimed command-and-control domains. He had already registered thousands. This experience made spotting the domain second nature.

His standard approach:

  • Identify unregistered malware control domains

  • Set up sinkholes to capture malicious traffic

  • Gather victim data for notification

  • Reverse engineer malware for weaknesses

The Past That Caught Up

Three months later, on August 2, 2017, FBI agents arrested Hutchins in Las Vegas.
He was charged with creating the Kronos banking trojan and UPAS Kit as a teenager.

In 2019, he pleaded guilty to two charges. The judge sentenced him to time served and one year of supervised release. No prison time. The court recognized he had reformed years earlier.

The Damage and Attribution

WannaCry caused $4–8 billion in global damages.
It hit:

  • 80 NHS trusts in England

  • FedEx, Honda, Nissan

  • Government agencies worldwide

  • Critical infrastructure and transport networks

The U.S. and UK attributed the attack to North Korea.

Lessons for Cybersecurity Professionals

  1. Skills without ethics cause harm.

  2. Systematic methods lead to big breakthroughs.

  3. Knowledge brings responsibility.

  4. Redemption is possible.

  5. One person can have global impact.

Today

Hutchins lives in Los Angeles, continuing malware research and threat tracking.
His story is now a case study in ethical hacking and second chances.