Zohar Pinhasi has no doubt that hackers—whoever they are—dictated the outcome of the 2016 presidential election. They’re that good.
But, he’s quick to add, so is he.
“If it’s a computer, you can manipulate it,” says Pinhasi, CEO and founder of Miami-based MonsterCloud. “We bought a voting machine online, just to understand how the device works, and we hacked it in five minutes. I even hacked a computer that was 100 percent unplugged from the internet. The thought that any computer cannot be manipulated is absolutely outrageous.”
It might sound like bragging, but Pinhasi, 40, has the goods to back up the big talk.
Born and education in Israel, he sharpened his skills in the Israeli military, focusing on security intelligence. Discharged at age 22, he started a business to help communications companies fight telecom fraud—hackers squeezing extra minutes out of SIM cards. At the time, it was a serious problem, costing the industry millions of dollars.
Yet what Pinhasi discovered after moving to Miami in 2002 and starting another company, PC USA, that provided information technology services to small businesses, dwarfed any scam he’d seen the internet bad guys running before.
It was ransomware—online fraud taken to a new level.
He calls it today’s No. 1 threat facing large and small companies alike, governments and even individuals. Years earlier, Pinhasi had battled a problem costing companies millions. Ransomware, he says, today is a billion-dollar specter hanging over the heads of all computer users, and the problem is destined to get worse.
With a single click on a malicious email, Pinhasi explains, a sophisticated ransomware program can infect a single PC or a large company running thousands of computers and hundreds of servers. In the blink of an eye, it encrypts every file. Perpetrators demand ransom for the key to unlock the system.
“Ransomware today is a global problem that affects every person on planet Earth,” Pinhasi says. “No matter who you are, no matter what kind of business or government you are, you can be affected. It’s beyond insane.”
Pleas for help have come from one of the nation’s largest pharmaceutical companies, an Indiana police department and computer users everywhere between. Often, it’s an organization’s own IT specialist calling, frantically seeking a way to deal with an attack he or she never has seen before.
“When they call us, they’re having a panic attack,” he says.
That’s where MonsterCloud’s 70 employees are helping 7,000 customers around the world. It’s taken up to four days to get some big companies up and running again, drawing on its own cybersecurity unit and its database of cyber threats, built from monitoring ransomware activity around the world.
“This problem went from computers to servers to smartphones to TVs, then to smart thermostats, and now criminals are locking databases,” Pinhasi says. “Sometimes we get hundreds of calls a day.”
And while MonsterCloud’s calls have seen an uptick once “Russian hacking” became ubiquitous water-cooler chatter, the inquiries that begin with “How can I protect myself or my business” end up with an education.
“If you get hit, we have a lot of knowledge you cannot find online,” Pinhasi says. “What do you do? How do you recover your files? How did they get in? It’s part of the process of recovering, and just as important: We want to ensure you will never be in that position again.”
Still, Pinhasi points out, dealing large-scale with ransomware remains a challenge because no one really knows its scope. According to the FBI, it’s less than a $1 billion annual scam, but Pinhasi says only about 20 percent of victims report their attacks.
By the end of this year, he predicts, ransomware could cost computer users more than $10 billion.
“I won’t be surprised if losses from ransomware increase five to 10 times before the end of 2017,” he says. “We’re all more vulnerable as the bad actors get better.”