PC Matic founder Rob Cheng

At Gateway Inc. in the 1990s, Rob Cheng, senior vice president of worldwide sales, marketing and support, could see the problems lining up from his desk on the Iowa-South Dakota border. Customers were calling support lines to complain of slow machines, and there was no clear diagnostic system for addressing their problems efficiently.

In 1999 Cheng left Gateway to found PC Pit Stop, offering custom computer diagnostics and troubleshooting. Soon, Cheng said, PC Pit Stop became one of the top websites visited worldwide. In 2011, the company introduced PC Matic, an antivirus software system using the whitelist model to block computer viruses from homes, businesses and governments internationally. 

Today, Cheng watches what he calls the “tsunami” of ransomware attacks against small city and county governments with alarm: Attacks in Georgia, North Carolina, Miami, New York, Maryland, Ohio, Pennsylvania, Indiana, California and Texas had already occurred in 2019 by the time Cheng spoke to the Business Record in May, and he predicts the onslaught won’t be slowing down. 

“We are seeing, recently in the last few weeks, just a huge surge in successful ransomware attacks,” he said. “It’s getting kind of scary, and really it’s focused on cities and counties.”

Cheng is now based in Myrtle Beach, S.C., but the company is still headquartered in Sioux City, where Cheng made connections with fellow former Gateway employees during his time there. Ten of the company’s 70 employees call Iowa home.

What makes your antivirus unique? 

In 2010 something interesting happened. My wife and my father, who both use PC Matic, [their computers] both got infected. We didn’t write our own antivirus, we were licensing it from a third party … and I started looking around for some other ones. I said, “Wait a minute, they’re all flawed. They’re all based on this blacklist.” 

In 2011 we wrote our own antivirus, and it was based on the whitelist. … All the other antiviruses are trying to keep track of every known virus in the world. If one of those viruses tries to execute on the network or on the computer, they will stop it because it’s on the blacklist. The flaw in this are things that they haven’t seen before, because if they have not seen it before, it’s a brand-new virus — and there’s other things I can do to trick antiviruses to think they haven’t seen it before; they assume it to be good. So that is the security hole that we’re experiencing actually in the entire nation right now. 

The whitelist takes a very opposite approach, it tries to keep track of everything good, and when it sees something that hasn’t been verified to be good, it is assumed to be bad. … Our product works very much like an endless celebrity event. It starts with a list … if you want to get into the event but you’re not on the list, even though you might deserve to be on the list, you’re not going to get into that event. You might want to talk to the person who made the list, and then maybe you can get into the next event. 

We are the only [antivirus] made in America, we are the ones doing the innovation. … To be clear, the whitelist was a key innovation to keep ahead of all these attacks. But there’s numerous other innovations we’ve had, like protecting against RDP attacks. We are ahead of the enemy. 

Why are small entities under cyberattack? 

Starting the first or second week in March … Jackson County, Georgia; Orange County, North Carolina; the city of Albany; the city of Greenville … and then the Cleveland Airport was all shut down. It’s truly accelerating.

Jackson County is a small, rural county; it has 60,000 people in the entire county. They got hit and it shut down everything. It really crippled the entire county. They contacted the FBI, and the FBI told them to go ahead and pay the ransom, and ransom was $400,000. … One of the reasons [people] pay the ransom is so that they don’t want everybody to know, they just want it to go away. 

In this case, they paid and we learned about it. Worse yet, and this is what scares me, all the other bad guys learned about this. You go and attack a little county, that’s good for $400,000. … There’s exactly 100 counties in the state of Georgia, and Jackson County is the 43rd-biggest, so there’s 57 that are smaller than them, and we have to assume less sophisticated, technically, than Jackson County. 

There’s so many targets out there. … The reason you see the acceleration is because they know they can make a lot of money. 

How are they attacking? 

They’re coming in through something called RDP [remote desktop protocol]. It’s actually a feature in Windows in order to do remote maintenance on servers and on networks. That’s really good, it lowers the costs of maintenance on these things, but it’s also a very large security hole. 

They know the passwords. Before, they used to have these programs that would try to guess the passwords, but now they know the password, they’re coming in on first attempt. 

There’s been so many breaches in this country with all of our information — the most recent large one was the end of December at the Marriott. The Marriott had over 500 million records exposed. … We should all believe and assume the bad guys know all the passwords. We don’t change our passwords — all our passwords are out there on the dark web, but we just leave them that way. 

[Hackers] can say, all right, who works in Jackson County? That’s not hard in today’s age with LinkedIn. Then they say, here are all the people, what are all the passwords? As soon as they find a password that matches, then they get in, and the next thing they do is they uninstall the antivirus, and then they disable all the [data] backups. Then they deploy the ransomware. 

I’m very proud because our customers, through all of this, are not getting infected, and we’ve developed numerous technologies to stop [hackers] from uninstalling our product, and giving IT administrators power to go and kill RDP sessions in order to make sure that this doesn’t happen to any of our customers. 

[Hackers] have figured out the people who will pay the most money for a data set are the original owners of that data. … Now, they’re only in [a victim’s network] for minutes. That enables them to go and attack more places faster.

In the middle of all this news, are you receiving more calls to your business?

Business is growing really well. Actually, I wish we were doing better, honestly, because we are addressing a very important issue related to public safety. The more people who understand the distinction between our product and others, I think that is important. 

I’m very interested in getting our product into state government[s]. I live in South Carolina, I’ve had a lot of success talking to government officials at the state level. … But all the successful attacks have been either at the city or the county level. There has not been a successful attack that we know of at the state level yet, although I think it could happen. The place where you want people to be very, very alert is at the city and the county level.