Ransomware jako zagrożenie dla bezpieczeństwa infrastruktury krytycznej, ze szczególnym uwzględnieniem systemu finansowego

Patryk Król

doi:10.26354/bb.5.1.98.2025

Published: 2025-05-09

Vol. 98 No. 1 (2025)

Ransomware as a threat to the security of critical infrastructure, with a focus on the financial system

Patryk Król

Section: Problems and Opinions

https://doi.org/10.26354/bb.5.1.98.2025

Abstract

Scientific objective: This article aims to summarise the contemporary knowledge of ransomware threats and to examine their impact on critical infrastructure in Poland.

Research problem and methods: The research problem is to analyse the growing threat of ransomware, especially in the context of its impact on public and private institutions. Research methods include a critical analysis of the literature and case studies of actual attacks.

Executive process: Based on a literature review and incident analysis, the paper discusses the stages of a ransomware attack, examples of known incidents in Poland and analyses the level of threat in different economic sectors.

Result of scientific analysis: The analysis shows that ransomware has become a serious threat to various sectors, especially critical infrastructure, capable of paralysing the activities of institutions and causing data leaks.

Conclusions, innovations, recommendations: The author emphasise the urgent need to strengthen security and user education as key defence strategies. They also recommend regular backups and international cooperation in the field of cyber security. The article brings new knowledge on strategies to counter ransomware and highlights the need for continuous development of security technologies in response to growing digital threats.

Keywords:

ransomware , critical infrastructure , critical infrastructure security , financial system

JEL Codes

L89

Download files

pdf (Język Polski) pdf

Citation rules

Król, P. (2025). Ransomware as a threat to the security of critical infrastructure, with a focus on the financial system. Safe Bank, 98(1), 97–105. https://doi.org/10.26354/bb.5.1.98.2025

Cited by / Share

Licence

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Most read articles by the same author(s)

Patryk Król, Phishing as the main threat to digital banking security , Safe Bank: Vol. 94 No. 1 (2024)
Patryk Król, Skimming as a threat to mobile banking security , Safe Bank: Vol. 96 No. 3 (2024)
Patryk Król, Bibliometric analysis of phishing , Safe Bank: Vol. 101 No. 4 (2025)

References

Allodi, L. i Massacci, F. (2014). Comparing vulnerability severity and exploits using case-control studies. ACM Transactions on Information and System Security (TISSEC), 17(1), 1-20.
Google Scholar

Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111, 102490.
Google Scholar

CERT (2017). WannaCry Ransomware, Pobrano z: https://cert.pl/posts/2017/05/wannacry-ransomware/ Dostęp: 12.07.2024
Google Scholar

CERT (2021). Poradnik ransomware
Google Scholar

CERT (2024). Raport roczny z działalności CERT POLSKA 2023.
Google Scholar

CERT Orange Polska (2024). Raport CERT Orange za 2023 rok.
Google Scholar

Cobb, C., Cobb, S., Kabay, M. E. i Crothers, T. (2012). Penetrating computer systems and networks. Computer Security Handbook, 15-1.
Google Scholar

ENISA (2020), Ransomware ENISA Threat Landscape.
Google Scholar

ENISA (2023), ENISA Threat Lanscape: Health Sector
Google Scholar

Garg, D., Thakral, A., Nalwa, T. i Choudhury, T. (2018). A past examination and future expectation: Ransomware. In 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE) (pp. 243-247). IEEE.
Google Scholar

Król, P. (2024). Phishing jako zagrożenie dla bezpieczeństwa bankowości cyfrowej. Bezpieczny Bank, 94(1), 25–42. https://doi.org/10.26354/bb.2.1.94.2024
Google Scholar

Kshetri, N. i Voas, J. (2017). Do crypto-currencies fuel ransomware?. IT professional, 19(5), 11-15.
Google Scholar

Liu, Y., Zhuge, J. i Wu, Y. (2018). Threat and defense of new ransomware worm in industrial control system. Journal of Computer Applications, 38(6), 1608.
Google Scholar

NCC (2021). “We wait, because we know you.” Inside the ransomware negotiation economics. Pobrano z: https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/ (Dostęp: 06.07.2024)
Google Scholar

Niebezpiecznik.pl (n.d.) Masz Androida? Uważaj na ataki drive-by-download Pobrane z: https://niebezpiecznik.pl/symantec/masz-androida-uwazaj-na-ataki-drive-by-download/ (Dostęp: 06.07.2024 r.)
Google Scholar

O'Gorman G. i McDonald, G. (2012). Ransomware: A growing menace. Arizona, AZ, USA: Symantec Corporation.
Google Scholar

O'Kane, P., Sezer, S. i Carlin, D. (2018). Evolution of ransomware. Iet Networks, 7(5), 321-327.
Google Scholar

Paul Joseph, D. i Norman, J. (2020). A review and analysis of ransomware using memory forensics and its tools. In Smart Intelligent Computing and Applications: Proceedings of the Third International Conference on Smart Computing and Informatics, Volume 1 (pp. 505-514). Springer Singapore.
Google Scholar

Rządowe Centrum Bezpieczeństwa. (2023). Narodowy Program Ochrony Infrastruktury Krytycznej: Załącznik 1. Standardy służące zapewnieniu sprawnego funkcjonowania infrastruktury krytycznej – dobre praktyki i rekomendacje. https://www.gov.pl/attachment/02553b90-184a-42c5-8445-5f9b1f0b74ee
Google Scholar

Sekurak.pl (2021). Ransomware i wyciek w gminie Nowiny. Pobrano z: https://sekurak.pl/ransomware-i-wyciek-w-gminie-nowiny/ (Dostęp: 06.07.2024)
Google Scholar

Sekurak.pl (2022a). Szpital Matki Polki w Łodzi zainfekowany ransomware. Informują również o „możliwym wycieku”. Pobrano z: https://sekurak.pl/szpital-matki-polki-w-lodzi-zainfekowany-ransomware-informuja-rowniez-o-mozliwym-wycieku/ (Dostęp: 06.07.2024)
Google Scholar

Sekurak.pl (2022b). Ransomware w szpitalu w Pajęcznie: Nastąpiła „niespodziewana awaria systemu informatycznego”. Pobrano z: https://sekurak.pl/ransomware-w-szpitalu-w-pajecznie-nastapila-niespodziewana-awaria-systemu-informatycznego/ (Dostęp: 06.07.2024)
Google Scholar

Sekurak.pl (2023). Cyberatak na Centralny Szpital Kliniczny Uniwersytetu Medycznego w Łodzi Pobrano z: https://sekurak.pl/cyberatak-na-centralny-szpital-kliniczny-uniwersytetu-medycznego-w-lodzi/ (Dostęp:06.07.2024)
Google Scholar

Simoiu, C., Bonneau, J., Gates, C. i Goel, S. (2019). " I was told to buy a software or lose my computer. I ignored it": A study of ransomware. In Fifteenth symposium on usable privacy and security (SOUPS 2019) (pp. 155-174).
Google Scholar

Singhal, M. i Levine, D. (2019, October). Analysis and categorization of drive-by download malware. In 2019 4th International Conference on Computing, Communications and Security (ICCCS) (pp. 1-4). IEEE.
Google Scholar

Snoke, T. D. i Shimeall, T. J. (2020). An updated framework of defenses against ransomware. Technical report, Carnegie-Mellon Univ Pittsburgh, PA.
Google Scholar

Vol. 98 No. 1 (2025)
Published: 2025-05-09

ISSN: 1429-2939

eISSN: 2544-7068

10.26354

Publisher

Bankowy Fundusz Gwarancyjny

Licence CC

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Submit

-->