Marcus Hutchins, the British security researcher who was credited with halting the spread of WannaCry ransomware in 2017 before later being arrested for hacking, has now pleaded guilty to two charges as part of a plea deal.

Hutchins, known online as “Malwaretech,” shot to fame in May 2017 when he “accidentally” discovered a kill switch that could slow the distribution of the malware. Unfortunately for Hutchins, that publicity also brought attention to him in the form of the U.S. Federal Bureau of Investigation, which had him arrested at a Las Vegas airport in August 2017.

The FBI alleged that Hutchins was involved in the creation and distribution of Kronos, a banking Trojan virus that was designed to steal financial and other personal details from a victim. “[An unnamed suspect and] Marcus Hutchins knowingly conspired and agreed with each other to commit an offense against the United States, namely, to knowingly cause the transmission of a program, information, code, and command and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers during a 1-year period,” the FBI said at the time.

At his first court appearance later the same month, Hutchins pleaded not guilty to the allegations, but 20 months later, facing possibly decades in jail, he has had a charge of heart.

“I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Hutchins wrote on his blog. “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

According to the plea deal, Hutchins has pleaded guilty to two of the original 10 counts — a charge of conspiracy and a charge relating to the manufacture, distribution, possession and advertising of devices for intercepting online communications. Both offenses carry a maximum jail term of five years and a maximum $250,000 fine each.

As The Register noted Friday, it’s unlikely Hutchins will be given the maximum sentence given the plea deal, but there is a chance that he may still end up serving some time behind bars. It’s unclear at this time when the sentencing hearing will take place.

Photo: Marcus Hutchins/Facebook