LONDON — A British security researcher who was hailed as a hero for helping to stop a global “ransomware” cyberattack in 2017 has pleaded guilty to charges in the United States of writing malicious software in a separate case.
The researcher, Marcus Hutchins, was arrested at the Las Vegas airport in 2017, as he was on his way back to Britain from a conference.
“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Mr. Hutchins, known online as MalwareTech, said in a statement on his website on Friday. “I regret these actions and accept full responsibility for my mistakes.”
Mr. Hutchins faces up to five years in prison and $250,000 in fines for each of the charges, according to United States court documents.
In February, an American judge refused an application from Mr. Hutchins to suppress a statement he made at the Las Vegas airport after his arrest, when he said he had been intoxicated, the BBC reported.
In 2017, a federal grand jury in the United States returned a six-count indictment against Mr. Hutchins. The indictment said Mr. Hutchins, then 23, and an unidentified accomplice conspired to create and sell malware intended to steal login information and other financial data from online banking sites.
A version of the program, known as the Kronos banking Trojan and created by Mr. Hutchins, was sold by the accomplice for $2,000 in June 2015, the indictment said. But the document did not include details of how widely the malware was used.
The government has said it will move to dismiss the remaining charges in exchange for Mr. Hutchins’s guilty plea.
The global cyberattack that Mr. Hutchins helped stop disrupted Britain’s National Health Service and hundreds of other organizations worldwide, spreading to more than 70 countries. It used a variant of WannaCry, a piece of malicious software that locks victims out of their systems and demands ransoms. Mr. Hutchins was credited with disabling it.
In a blog post at the time, he explained that he had noticed the malicious software trying to contact a particular internet address, discovered the address was unregistered and bought it, which turned out to trigger a “kill switch” in the software.
Researchers at Symantec, a security company, attributed the attack at the time to a team of hackers known as the Lazarus Group, which United States intelligence experts say is most likely linked to North Korea. The attack used computer vulnerabilities revealed in documents leaked from America’s National Security Agency.
“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes,” Mr. Hutchins said in his statement on Friday about his work as a security researcher. “I will continue to devote my time to keeping people safe from malware attacks,” he added.