Marcus Hutchins was hailed as a hero in May 2017 when he found a “kill-switch” that slowed the effects of the WannaCry virus affecting more than 300,000 computers in 150 countries.
But the 25-year-old, from the seaside resort of Ilfracombe in Devon, was arrested by FBI agents in a Las Vegas airport months later after attending a hacking convention.
US district judge Joseph Peter Stadtmueller said on Friday the virus Hutchins helped stop was much more damaging than the malware he created, and sentenced him to time served – with a year of supervised release.
Hutchins, known online as MalwareTech, tweeted on Friday: “Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally.”
He had pleaded guilty to two charges relating to writing malware, which court documents have described as “malicious computer code” known as Kronos.
The documents said: “The malware was designed to target banking information and to work on many types of web browsers, including Internet Explorer, Firefox, and Chrome.
“Since 2014, Kronos has been used to infect numerous computers around the world and steal banking information.”
Hutchins, who had faced up to 10 years in prison, tweeted before his hearing: “Heading into court now, no matter what happens I love y’all.”
Writing earlier this year on his website, Hutchins said of his acts: “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes.
“I will continue to devote my time to keeping people safe from malware attacks.”