How Counter Cyber Terrorism Expert Zohar Pinhasi and MonsterCloud Fight Ransomware
Written by: Tim Crean
Art by: Ra.li.to
Not all superheroes wear capes.
Anyone who fights the good fight against criminals and evil-doers and thwarts them at every turn is a superhero. Anyone who protects and serves the good guys – the small businesses, the public servants, the police, the everyday person – is a true superhero.
IT cybersecurity expert Zohar Pinhasi may wear a suit and tie, but make no mistake: he and his team at MonsterCloud are as much superheroes as anyone in spandex and a cape. These cybersecurity ninjas fight the villains who kidnap your data and hold it for ransom. They fight against the criminals and the hackers and the terrorists. They fight for every hardworking person who falls victim to people trying to steal their information.
Ransomware is one of the biggest problems in the world of cybersecurity. Hackers, looking for personal profit or to wreak havoc on businesses or government entities as a state-sponsored actor, are taking over computer systems with this devastating malware. It is a threat to everyone who does anything online.
Here we will tell you a story about how bad ransomware is. About how it is growing and becoming more popular among thieves and spies alike. We will tell you how the number of attacks is growing, the amount of money it is costing innocent businesses is growing, and how recent events have supercharged this growth.
While a lot of this story will be scary, there is something that will make you feel better. It is that IT superhero Zohar Pinhasi and his team of superheroes at MonsterCloud are out there. Like the Avengers or Justice League of cybersecurity, Pinhasi has brought together a super squad of cybersecurity experts. Each has a different superpower that helps fight ransomware cybercriminals.
The obstacles are huge for this super-team but they are up for the challenge. When ransomware attacks come and IT departments don’t know where else to turn, Pinhasi and his team at MonsterCloud will be there.
The Origin Story
Every good superhero has an origin story. This is a backstory about the superhero’s life before they became the crime-fighter we know today. These origin stories usually start with ordinary beginnings but as our hero gains experience and begins to see how big the problems we need to fight really are, they begin their transformation from an everyday citizen to superhero.
The Beginning
The origin story starts an ocean away from our hero’s current base in Florida. It starts in Israel years ago when a young man named Zohar Pinhasi joined the Israeli Defense Force (IDF). It is here where Pinhasi first saw what cybercriminals and cyberterrorists could do. It is also where, in his role as an IT security intelligence officer, he found that his superpowers in IT security could stop the bad guys in their tracks and help protect and defend the people of his home country.
Branching Out
Like many superheroes, after years of successfully working for his government and defending his people, Pinhasi looked to set out on his own. He wanted to go to the heart of the action, to the place that is targeted more by cybercriminals than anywhere else. This is what brought him to the United States.
In 2003, Pinhasi founded MonsterCloud, a ransomware removal and managed cybersecurity services company. Based in Hollywood, FL, MonsterCloud has a global response team that is standing by 24/7/365 to help companies and individuals in ransomware crises. The company is made up of some of the leading ransomware experts in the world whose specialties include removing ransomware, restoring encrypted files, and preventing organizations from becoming ransomware victims.
Our Hero Today
From its humble beginnings in the early 2000s to now, MonsterCloud has become recognized as a leading authority on ransomware and ransomware removal. Pinhasi and the company have worked with everyone from the Federal Bureau of Investigation (FBI) to dozens of police departments and municipalities across the United States to all types of businesses, large and small. No matter who they work with, the goal is the same: to remove ransomware after an attack and/or to provide cybersecurity solutions so attacks don’t happen.
After 25 years of experience in cybersecurity, Pinhasi is recognized as one of the most important and influential people in the field. He has appeared on numerous news programs and TV shows to share his cybersecurity expertise and is a respected member of many high-level professional cybersecurity organizations.
MonsterCloud is a member of the “No More Ransom” organization. This is an initiative created and run by Europol’s European Cybercrime Centre, among others, whose goal is to thwart ransomware. Pinhasi is also a proud member of www.InfraGard.org which is a partnership between the FBI and members of the private sector that helps protect critical infrastructure around the country.
With an IT superhero like Zohar Pinhasi and his team at MonsterCloud fighting for good, we can all sleep a little easier at night knowing that they are watching out for us. And that’s a big deal. Because what they are protecting us from, cybercriminals who perpetrate ransomware attacks, is a very, very scary thing.
The State of Ransomware
Ransomware and other cyberattacks are one of the scariest things that can happen to anyone with a computer. These attacks cost businesses TRILLIONS of dollars worldwide and in 2019, they cost the average business that was hit by them around $200,000. Especially for small and medium-sized businesses, a loss like this can be devastating and even force them out of business.
What is Ransomware?
Ransomware is a type of computer virus, or malware, which infects your computer or your network. In ransomware attacks, hackers gain access to the files on your computer or network. They then lock or encrypt the files so you can no longer gain access to them. Once the cybercriminals have control of your files, they will demand a ransom (usually in the form of a secure cryptocurrency like Bitcoin). They tell you that if you do not pay, they will either lock you out of your data forever, destroy it, or publish it.
Ransomware is often delivered through a Trojan. This is a malicious link, website, or file that is opened by a user on the network which gives the bad guys access to the files. This is bad enough but now, there are new forms of ransomware that don’t need a user to access anything to let hackers in.
In one of the most famous ransomware attacks ever committed, the WannaCry virus hit more than 200,000 computers worldwide. The scariest part about this attack is that it was spread with a worm, not a Trojan. This means that no user actions were required. The attack spread through systems using out-of-date Microsoft software.
This attack, which is believed to have originated from state-sponsored North Korean hackers, cost businesses hundreds of millions and maybe even billions of dollars. It is the perfect example of how these attacks are getting more sophisticated and, in turn, more frightening for businesses.
Ransomware Stats
The statistics on ransomware are scary. It is a prolific form of cybercrime that is growing exponentially. The even scarier part is that some organizations just pay the ransom without alerting the authorities or a cybersecurity company, which means the numbers that follow are likely even larger than stated here. Here are some of the most eye-opening stats from the full-year data in 2019.
- It is estimated that a ransomware attack is carried out every 14 seconds, on average.
- In 2019, these attacks cost U.S. businesses around $7.5 billion.
- Around 51% of all U.S. businesses experienced a cyberattack in 2019.
- These attacks were up 41% last year from 2018.
- Ransomware attacks on municipalities went up a staggering 61%.
- 20% of ransomware attacks were on SMBs in 2019.
- The average ransomware attack happened to companies with between 600 and 950 employees.
If these stats aren’t bad enough, experts predict that these numbers will dramatically increase. Predictions include that the number of attacks will go up by the end of 2021 so that there is an attack, on average, every 11 seconds and that the same period will see the damage costs rise to $20 billion a year. These projections may already be too low, though, once the explosion of attacks related to the COVID-19 pandemic is factored in.
The History of Ransomware Attacks
WannaCry is just one of the well-known ransomware attacks that have happened in the last few years. This type of attack has been around since the late 1980s though. Over the years, ransomware has evolved and gotten more dangerous and destructive. Here is a brief history of ransomware attacks.
The First-Ever Ransomware Attack
The first known example of a ransomware attack happened years before this type of crime became widely popular among cybercriminals, but it was very telling of what was to come. It took place in 1989 and would become known as “The AIDS Trojan”, or the “PC Cyborg”.
The virus was created by Joseph Popp, Ph.D. Dr. Popp was a Harvard-educated AIDS researcher who sent out 20,000 floppy disks to fellow AIDS researchers that were labeled “AIDS Information – Introductory Diskettes”. These disks, though, contained malware that embedded itself within the computer.
This ransomware virus stayed dormant until the computer was turned on 90 times. Once the 90th reboot hit, the virus would activate and hide the computer’s directories and encrypt the names of the files. To get access to their directories and files back, the user was asked to send $189 to PC Cyborg Corp.
Early 2000s Attacks
Ransomware attacks based on the AIDS Trojan continued through the 90s but really kicked it up a notch in the early 2000s. As the internet grew after the turn of the century, so did the ease of delivering ransomware malware. No longer did a bad actor need to send out thousands of floppy disks; they could simply activate a Trojan online. By 2006, a host of new, internet-based ransomware attacks rose to prominence.
The Archives Trojan encrypted all of a user’s files in the My Documents directory and coerced victims into buying the 30-digit password they needed to get the files back. GPcode was an encryption Trojan that began as an email attachment that said it was a job application. This ransomware was notable for using a more sophisticated 660-bit RSA public key. Two years later, a next-gen version of the virus would upgrade to a 1024-bit RSA key. Other prominent attacks during this period include ones like TROJ.RANSOM.A, Krotten, Cryzip, and MayArchive.
Ransomware Makes a Leap in the 2010s
In mid-2011, ransomware attacks rose by a significant amount. Q3 of that year saw a reported 60,000 attacks which marked a major rise. Just 2 years later, that number would skyrocket to over 300,000 attacks. From that point until 2017, when WannaCry became the biggest ransomware attack in history, the cybersecurity world was faced with a number of viruses and their 2.0, 3.0, and even 4.0 versions that take this cybercrime to new heights.
CryptoLocker was one of the first ransomware viruses to demand the cryptocurrency Bitcoin as ransom, and CryptoWall pioneered using malicious banner ads disguised as ads for major companies as malware bait. TeslaCrypt started targeting popular online video games, and Reveton started the “Police Trojan”, which threatened computer owners with legal action unless they paid a “fine” for illegal actions performed on a computer.
In 2015, two new major categories of ransomware came on the scene. Chimera was the first virus to threaten to publicly expose or publish users’ data. Fusob, also started in 2015, is one of the most famous ransomware attacks in the growing segment of mobile device attacks.
Along with WannaCry in the latter half of the 2010s, there has been an uptick in far-reaching ransomware attacks that have been very successful and lucrative for the cybercriminals, state-supported hackers, and terrorists. The most prominent viruses that closed out this decade include ones such as Petya, Bad Rabbit, SamSam, and Syskey.
COVID-19-related Attacks
This year has ushered in a new decade and has, of course, been marked mostly by the global COVID-19 pandemic. This worldwide health crisis has changed the way we live and work. It has sparked mass lockdowns to control the spread of the disease and closed stores and offices in dozens of countries. This has led to a boom in online shopping and working from home. While this has been a positive thing for some online-based businesses, it has also been a huge opportunity for ransomware cybercriminals.
These types of attacks have utilized social engineering ever since Joseph Popp mailed his disks to AIDS researchers who were likely to run them because of their label. This practice has become even easier and more refined in 2020, especially with more people than ever (including tech neophytes) involved in online commerce.
Cybercriminals are now using social engineering techniques where they use links or attachments to information about critical coronavirus-related supplies such as masks, hand sanitizer, or vaccines to get people to click on a malicious file. They also send things like “free downloads” of video conferencing, file sharing, and other work from home software that newly home-bound workers find attractive. One more technique is to offer government assistance or other economic help to people who were hard hit, financially, by the virus.
There has also been a huge increase in attacks on organizations in the healthcare industry. This has always been an industry that has been highly targeted by ransomware purveyors, but the chaos in the industry caused by the coronavirus has put an even bigger target on their backs. Between the incredibly valuable personal information that is being collected and the money involved with finding a cure for the virus, hackers have upped their efforts to attack healthcare companies in 2020.
High-profile Ransomware Attacks
There have been many attacks that have affected all types of organizations. Here is a look at some of the most famous ransomware attacks we’ve seen in recent times. Many of these are municipal institutions. This is mainly because private businesses are less likely to report an attack while public entities have to.
- Hollywood Presbyterian Medical Center – In February 2016, Hollywood Presbyterian Medical Center revealed it was the victim of an attack that shut down departments of the organization. They would pay 40 bitcoins (then worth $17,000) to get back control of their system.
- San Francisco MTA – Also in 2016, 2,000 computers in San Francisco’s transport system gave riders free rides for a day until the city’s control was restored before they paid the 100-bitcoin ransom.
- City of Atlanta – The attack went down in March 2018 and the city refused to pay the $51,000 ransom. Instead, the city was forced to spend millions of dollars on emergency tech contracts. The reports are that the final bill might be as high as $17 million.
- New Orleans, LA – In mid-December of 2019, a ransomware attack hit the city of New Orleans. The attack targeted government computers and ended up affecting over 4,000 of them. The event led Louisiana to declare a state of emergency and the total cost of the breach is now north of $7 million.
- Honda – One of the latest corporate cyberattacks happened to the Honda motor company. In June of 2020, their social media announced that the company’s online services were “experiencing technical difficulties and are unavailable”. They would later admit that it was due to a sophisticated ransomware attack but how it was remedied and how much it cost the company was not disclosed.
- Garmin – Like Honda, Garmin, the GPS device company, was hit a month later with customer complaints that their products weren’t working. Media outlets eventually pinned it on a ransomware attack by the hacking outfit Evil Corp. While the company has not disclosed how the issue was resolved, many reports say the company paid $10 million in ransom.
How to Fight Ransomware
As you can see, ransomware is a huge problem that affects some of the biggest corporations and municipal entities in the world. For every high-profile attack though, there are dozens of additional attacks on smaller businesses and lesser-known public institutions. This is why knowing your options when a ransomware attack happens is so important.
There are basically two main options when a ransomware attack happens. The first option is to pay the ransom to get control of your data back. While some cybersecurity firms advocate for this method and will even help negotiate with the cybercriminals on your behalf, there are two issues with this method, which is why MonsterCloud strongly recommends not doing it. Both issues stem from the fact that you are dealing with cybercriminals.
The first issue is that there is no guarantee that you will get control of your data back. Just because you pay a cybercriminal a ransom doesn’t mean that they will stick to their end of the bargain. Cybercriminals aren’t exactly known for their honor and trustworthiness.
The other issue is that there is no guarantee it won’t happen again. The hackers exploited something in a network to create the attack in the first place so, even if they do stick to the deal and give you back control, there is nothing stopping them from doing the same thing again months, weeks, or even days later.
This is why it is so important to call – at any hour of the day or night – a professional ransomware removal and remediation company like MonsterCloud when you fall victim to this type of attack. MonsterCloud will remove the virus and restore your data or they will not charge you for their services. They have helped over 1,000 companies recover their data from these attacks, and do it quickly. They fix the problem in under 48 hours for over 97% of their clients.
Once the threat is removed, MonsterCloud can then help you and your organization put measures in place so that ransomware attacks are less likely to be successful in the future and even if they are, your company will be insulated from major harm. The company does this by offering a full suite of cybersecurity services that helps your organization develop comprehensive measures and plans to ensure a ransomware attack doesn’t cripple your business.
The Future of Ransomware
What does the future of ransomware look like? It honestly isn’t a pretty picture but that is why having IT superheroes like Zohar Pinhasi and the team at MonsterCloud is more important than ever. Here is what we have to look forward to in the future of cybersecurity and ransomware attacks.
Ransomware Trends in the 2020s
The last few years have seen a slew of innovative viruses and practices that are helping ransomware be more effective and destructive than ever. Hackers are targeting entertainment properties, video games, and even mobile devices. As we move further into the 20th century and technology becomes even more intertwined with the fabric of our lives, cybercriminals will find more opportunities to extort money from individuals, governments, and companies through the use of ransomware.
We are already starting to see certain trends developing in the area of cybercriminals using ransomware in new ways and with new devices. Here is a look at a few of the top ransomware trends of the coming decade.
The Internet of Things Gets Hacked
Everywhere you look in the tech world, everyone is talking about the Internet of Things (IoT). This is a network of internet-connected smart devices that can be controlled and managed from a central system or application. It is the smart thermostats, doorbell cameras, and lightbulbs you use in your house and the data loggers, security systems, and healthcare monitors used by businesses. The IoT is changing the way we do business and live our life but the concerns about IoT ransomware attacks are growing.
These devices don’t just control information like computer networks, they actually control our homes, offices, factories, and supply chains. And, the truth is, in this new technology, there are security flaws. Enterprising hackers are already working to exploit these security flaws and take control of these systems for their own gain. If and when they do, they could exert so much control over a business or municipality that it could draw hundreds of millions in ransoms.
The other, even scarier issue with ransomware and IoT technology is that these viruses could possibly put people’s lives in danger. IoT technology is what is driving innovative technology such as self-driving cars. If cyber terrorists were ever able to gain access to this once the technology has been widely adopted, it could mean a massive loss of life.
Ransomware as a Service Democratizes Crime
Once upon a time, back in the “good old days” of cybercrime, you had to be a pretty advanced computer programmer in order to create and execute a successful ransomware attack. While these attacks still happened a lot, there was at least a somewhat limited pool of people with the skills to make this happen. In 2020, that is no longer the case.
Thanks to a new niche of ransomware known as ransomware as a service (RaaS), the cybercriminals with the know-how to create these programs are creating them and selling them on the dark web as wholly packaged viruses that can be bought by almost anyone with a computer and the right amount of cash.
This opens up a new, scary world of possibilities related to where these attacks can be coming from. With technical expertise no longer a requirement, some very nefarious organizations now have access to ransomware attacks that they have never had before. Certain rogue states and terrorist organizations whose crimes have largely been relegated to the physical world and away from the cyber world are now in play to create chaos for anyone doing business online.
Ransomware Goes Old School
Yes, ransomware will get more technologically advanced as the 2020s go on, but so will the cybersecurity defenses. As this cybersecurity arms race rages on, hackers are also going backward to create successful cyberattacks and are using more in-person social engineering and espionage-like maneuvers to gain access to hard-to-hack systems.
Recent cyberattacks illustrate exactly how cybercriminals are using old-school techniques to gain access to some of the biggest names in tech. In August 2020, Elon Musk’s Tesla and SpaceX companies worked with the FBI to thwart a planned cyberattack. A 27-year-old Russian hacker paid an employee $1 million to physically upload malware in the systems of these companies. Luckily, he was stopped before the virus was uploaded but if he was successful, it could have netted him tens of millions of dollars.
Another example of this resulted in one of the biggest and most high-profile cyberattacks of the new decade. A teenager successfully conned a cellphone company and Twitter employees to gain access to celebrity Twitter accounts. While not exactly a ransomware attack, the ability to gain access through these methods shows exactly how hackers are going back to the con tactics of yesterday. Although the 17-year-old was eventually caught, it was not before he netted $117,000 and took over some of the biggest social media accounts in the world including those of Bill Gates, Kanye West, Barack Obama, Apple, and even the above-mentioned Elon Musk.
MonsterCloud Reviews and Testimonials
Through the years, Pinhasi and his team have helped many of the good people who inhabit the internet. They have helped the average citizen as well as the law enforcement officials whose job it is to keep people safe, both online and in real life. Here is what these people and protectors have to say about MonsterCloud.
Assisting Law Enforcement
Just like Commissioner Gordon of the Gotham Police Department has to light up the Bat-Signal when there is a problem too big to solve on his own, law enforcement in the real world have called on MonsterCloud over the years to deal with cases of ransomware and other IT security issues that were too big to tackle on their own.
MonsterCloud has worked with and comes recommended by some of the biggest names in law enforcement including John Pistole, former Deputy Director of the FBI. They have also helped Police and Sheriff’s departments around the country. MonsterCloud has worked with law enforcement agencies from Florida, Texas, Arkansas, Illinois, and more to recover files from ransomware so that they can do their jobs effectively.
MonsterCloud Reviews from Real People
It isn’t just law enforcement that MonsterCloud helps though. They protect and serve average everyday businesses and citizens as well. You can see for yourself how much MonsterCloud has helped people in need to defeat ransomware by reading the MonsterCloud Reviews and testimonials on trusted sites like Google Reviews and Trustpilot.
Conclusion
The picture painted here can be dark and foreboding and even terrifying for businesses, governments, and really anyone connected to the internet. It is like it comes from the pages of a dystopian graphic novel. But, also like the pages of a comic book, there is something to ease these fears: an IT superhero in the form of Zohar Pinhasi and his crew of IT Avengers at MonsterCloud. Like Batman tearing through the night, Spider-Man swinging in from above, or Superman busting in at the speed of light, Pinhasi and the MonsterCloud cybersecurity experts are here for you in the darkest hour.
What we know is that there will always be bad guys trying to make a quick buck or hurt someone or something that they don’t agree with. Even though this is an unfortunate, universal truth, sleep well knowing that there will also always be superheroes fighting for the forces of good. If your business or organization needs a superhero by your side to safeguard your data and fight the bad guys while you sleep soundly in your bed, call the cybersecurity experts at MonsterCloud today.