The WannaCry attack affected more than 150 countries, targeting hospitals, businesses and government offices.
Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. The Eastern District of Wisconsin returned a six-count indictment against Hutchins on July 12, 2017. Hutchins is accused of developing, selling, and maintaining the malware, in collaboration with an unnamed codefendant, between July 2014 and July 2015. "Lots of researchers like to log in to crimeware tools and interfaces and play around".
Kronos was first made available online in early 2014, including on AlphaBay- a secret marketplace for buying drugs and other illicit items.
United States authorities detained the researcher who went by the handle MalwareTech, has been accused by authorities of creating and distributing the banking Trojan between July 2014 and July 2015.
A friend of Hutchins told ZDNet the researcher was taken into custody by U.S. Marshals after passing through a security checkpoint. "This is a law enforcement matter and it would be inappropriate to comment further".
Hutchins' mother, Janet Hutchins, said it was "hugely unlikely" that her son was involved because he has spent "enormous amounts of time and even his free time" combating such attacks. According to Mabbitt, he doesn't have legal representation and will need funds to get a lawyer.
The founder of the cyber firm, Fidus Information Security, Andrew Mabbit, who went to the conference in Las Vegas with Hutchins, said on Twitter that he was working on acquiring a lawyer for Hutchins because he does not now have one.
He became a hero in the month of May by registering a website that acted as a kill switch for the malware.