If I am being honest, it is shocking, according to multiple people and from what I saw, the guy has been working like crazy to monitor, prevent, and detect malware, especially ransomware and botnets lately. Would be ridiculous if he was actually behind the banking trojan.....
"The ransomware was hardcoded to receive instructions from a specific web domain, which Hutchins found was unregistered. After he registered the domain and began operating a server on it to capture traffic from WannaCry, the ransomware suddenly stopped infecting Hutchins' test machines.
It turned out that WannaCry had a built-in "kill switch," possibly to prevent its discovery by malware researchers, who often perform research on isolated virtual machines that mimic the entire internet without actually being connected to it."
So the hardcoded domain was a decoy that serves as the kill-switch if someone attempts to register and receive traffic from it?