You’re on the way back home from work and open the e-mail app on your phone. Several e-mails from big companies like Amazon, PayPal, and even your bank account, are in your inbox. All of these e-mails announce different things: You’ve supposedly ordered something you never wanted, you’ve made an unauthorized purchase, and apparently your password has been changed?
These emails all then follow the same script: “Click this link or call this number if you have an issue!” But are these e-mails actually the companies they claim to be from?
If you’re familiar with this new ‘digital age,’ you would know that these e-mails are just one out of the 3.4 billion phishing e-mails Americans receive every day. When you receive these annoying-at-best spam e-mails, you may wonder, “Why do these scammers keep trying? Who’s actually going to fall for this?” Well, for reference, according to the FBI’s 2023 IC3 report, cyber crimes made a total of 12.5 billion dollars in the United States alone. Shocking, isn’t it?
There are a variety of cyber crime tactics that are employed on people, such as cryptojacking, identity theft, spoofing, phishing, and the transmission of malware to smart devices.
Malware is software that is specifically designed to tamper with a device, whether it is by damaging, disrupting, or gaining unauthorized access to information on a device.
Distributing and spreading malware is a significant part of cyber crime. But if it’s just software, then surely people can keep themselves safe by just not downloading anything suspicious, right? Well, that’s where phishing comes into play.
Phishing e-mails are becoming more realistic by the day. So it’s unsurprising that someone may click on a link due to the convincing appearance of an e-mail, or even that they may have clicked on it by accident.
When that link is opened, anything can happen from there. Some simpler scams will have victims call a number, others will collect broad information such as the model of the victim’s device, and others will display a fake login screen so victims can enter their e-mail and password.
However, there is a much more dangerous type of cyber attack that is used to drain thousands, if not millions, of dollars out of victims. This type of attack is called a ransomware attack. It is typically malware that a user unintentionally downloads onto their device, usually from a malicious link sent to them through a phishing e-mail, or another method. As the name suggests, this kind of malware holds the victim’s information up for “ransom.”
The ransomware accomplishes this by first encrypting the victim’s data with a cipher, so that only the malicious actor(s) are capable of retrieving the victim’s data.
At this point, all the data on the victim’s computer is locked up, and the user is barely able to use their device, with some ransomware even locking the victim’s inputs. This means the user is not even able to use their mouse or keyboard, or they may be locked into a popup. The popup will often explain to the victim what happened and give them information on how to retrieve their data. Some ransomware will even go so far as to erase all the data on the victim’s device if they attempt to shut down, restart, or try to clear the virus out of their system, warning the victim of the possible erasure of data in advance.
Ransomware popups will typically display a crypto wallet address, asking the victim to send the ransom over to that address, as crypto transactions are hard to trace down. This masks the identity of the perpetrator and allows them to get away with it easily.
Well, if you know you’re smart with how you use the internet, and you don’t think you’ll be downloading a virus anytime soon, then why should you care?
Ransomware distributors target more than just regular, everyday people. They also target our major infrastructure such as transportation, food and agriculture, commercial facilities, financial services, government facilities, critical manufacturing, and healthcare and public health.
The FBI received 1,193 complaints from organizations in critical infrastructures, and found that the greatest amount came from the healthcare and public health sector, at 249 complaints.
A recent cyber attack on healthcare occurred back in February 2024 against Change Healthcare. Change Healthcare is a company that provides a software solution to help healthcare services manage revenue and billing cycles. Their software is responsible for 15 billion medical claims a year, accounting for nearly 40 percent of all claims.
The cyber attack knocked Change Healthcare’s service offline, leaving a stockpile of unpaid medical claims. This severely threatened the patients’ access to healthcare, and canceled over 19,000 appointments.
Another shockingly common cyberattack on hospitals is, unfortunately yet unsurprisingly, ransomware. The first ever instance of a ransomware attack occurred in 1989, when a Trojan Horse virus was sent to a group of AIDS researchers via a floppy disk. The virus disguised itself as a legitimate program in order to gain access to the computer it was installed on. And in May of 2017, another ransomware attack rose, which would change the world forever: the WannaCry virus.
WannaCry is ransomware which the FBI concluded the North Korean government had funded. The attack was a precisely coordinated global attack that made use of a Microsoft Windows vulnerability, and did not exclusively attack hospitals. However, it did infect over 1200 diagnostic devices running on old hardware. Through the vulnerability, the infamous virus was able to seep through networks, attacking companies and organizations in 150 countries on its first day. WannaCry cost $4 billion dollars in financial losses across the globe.
WannaCry was a landmark in cybersecurity history that assisted greatly in creating a world that is much more wary of the threats that hackers and cyber criminals impose. However, it is not enough. Ransomware attacks have risen by 13 percent in the last five years, and so has their sophistication.
“There’s many evil intentions and ulterior motives, as to why hospitals, education centers, and schools are institutions that are attacked,” said Khairul Alam, a cybersecurity specialist at XOR security, a cyber operations and engineering firm. XOR aids federal and commercial institutions in grasping the complexities of a cyber threat. It has a long history in cybersecurity, despite not having a background in it.
When it comes to hospitals, ransomware can obviously be dangerous for financial and health reasons, due to the risk of medical equipment being compromised. However, there can also be other possible threats.
Alam stated that “Hospitals are main targets because of people’s identity. A nation can meddle into the politics of another nation. Let’s say, for example, I could hack the results of the health results of an upcoming politician who’s in an election. If I could prove that person has, let’s say a long-term illness like cancer or something like that – this has happened before where attackers have changed the nodules up in the radiology reports and pretty much – a politician is discredited if you are found with the illness.”
So this begs the question: what can we do to protect ourselves from cyber attacks like these?
Alam’s general advice is to remember that all of this is a mind game and that you should think before you click. “I believe it’s always human behavior that leads to all these breaches at the end of the day. That it is easier breaching the mind of the person – breaching their psychology – than it is to breach a machine, an institution, or a company, so if you look more into social engineering, that’s what it’s all about,” Alam said. Alam also suggests that people should ensure no one else is “peeping over the shoulder” when they have sensitive information out, and not to leave their personally identifiable information out in the open. Everyone should be doing their part in protecting themselves and others.
Additionally, Ishrak Rahman, a cybersecurity major at Central Connecticut State University, has similar advice. Rahman advised, “Use strong passwords and use different passwords for every account you create. If you get an e-mail/text saying something absurd such as: ‘YOU HAVE WON A BILLION DOLLARS! CLICK HERE TO REDEEM!’ it is most likely a phishing scheme, so don’t try to click on it. Also, do not give sensitive information such as passwords, SSNs, etc. to random people even if they ask for it.”
In this modern age, it seems that it is near impossible to keep one’s information safe. From data breaches containing 2.9 billion people, to accounts hacked, to even students in NYC public schools receiving a letter in the mail that their information has been compromised, this certainly appears to be the case. Despite all of this, there is still hope. As Alam and Rahman stated, people can still do their part in protecting their information. The general rule of thumb is, don’t download or click any links that seem fishy, and whenever you have to use your personal information, ensure that no one is around to swipe it.
“I believe it’s always human behavior that leads to all these breaches at the end of the day. That it is easier breaching the mind of the person – breaching their psychology – than it is to breach a machine, an institution, or a company,” said Khairul Alam, a cybersecurity specialist at XOR security, a cyber operations and engineering firm.