Marcus Hutchins "MalwareTech"

In May 2017 Marcus Hutchins, a 23-year-old security researcher from a Devon village living with his parents, found a hard-coded URL inside the WannaCry ransomware while reverse-engineering a sample. The URL didn’t resolve. He registered the domain for $10.69 — a routine sinkholing exercise. The malware contacted the domain, received a successful response, and silently terminated itself on every machine it had infected. Hutchins had stopped the worst ransomware outbreak in history by accident, in the back garden of his mother’s house, while wearing a hoodie. The British press made him a national hero overnight.

Three months later the FBI arrested him at Las Vegas airport on his way home from DEF CON. He had, as a teenager, written banking malware called Kronos that other criminals subsequently weaponised. The case took two years to resolve. Hutchins pleaded guilty in 2019 to two counts; the judge sentenced him to time served and a year of supervised release, citing the WannaCry contribution and the genuine reform she observed.

Hutchins now runs Kryptos Logic, writes long-form security analysis, has a sizeable YouTube channel, and remains one of the most thoughtful public voices on the moral arc available to people who started in the criminal scene as teenagers and want to leave it. The Andy Greenberg Wired piece, “The Confessions of Marcus Hutchins”, is the single best account of how someone moves from one side of the line to the other, and what it costs.