Ransomware jako zagrożenie dla bezpieczeństwa infrastruktury krytycznej, ze szczególnym uwzględnieniem systemu finansowego

Patryk Król

doi:10.26354/bb.5.1.98.2025

Published : 2025-05-09

Vol. 98 No. 1 (2025)

Ransomware as a threat to the security of critical infrastructure, with a focus on the financial system

Patryk Król

https://orcid.org/0000-0003-4079-8849

DOI: https://doi.org/10.26354/bb.5.1.98.2025

Abstract

Scientific objective: This article aims to summarise the contemporary knowledge of ransomware threats and to examine their impact on critical infrastructure in Poland.

Research problem and methods: The research problem is to analyse the growing threat of ransomware, especially in the context of its impact on public and private institutions. Research methods include a critical analysis of the literature and case studies of actual attacks.

Executive process: Based on a literature review and incident analysis, the paper discusses the stages of a ransomware attack, examples of known incidents in Poland and analyses the level of threat in different economic sectors.

Result of scientific analysis: The analysis shows that ransomware has become a serious threat to various sectors, especially critical infrastructure, capable of paralysing the activities of institutions and causing data leaks.

Conclusions, innovations, recommendations: The author emphasise the urgent need to strengthen security and user education as key defence strategies. They also recommend regular backups and international cooperation in the field of cyber security. The article brings new knowledge on strategies to counter ransomware and highlights the need for continuous development of security technologies in response to growing digital threats.

Keywords:

ransomware, critical infrastructure, critical infrastructure security, financial system

JEL Codes

L89

Most read articles by the same author(s)

Patryk Król, Phishing as the main threat to digital banking security , Safe Bank: Vol. 94 No. 1 (2024)
Patryk Król, Skimming as a threat to mobile banking security , Safe Bank: Vol. 96 No. 3 (2024)

Details

References

Statistics

Authors

Download files

pdf (Język Polski)

Citation rules

Król, P. (2025). Ransomware as a threat to the security of critical infrastructure, with a focus on the financial system. Safe Bank, 98(1), 97–105. https://doi.org/10.26354/bb.5.1.98.2025

Altmetric indicators

Cited by / Share

Licence

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

References

Allodi, L. i Massacci, F. (2014). Comparing vulnerability severity and exploits using case-control studies. ACM Transactions on Information and System Security (TISSEC), 17(1), 1-20.

Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111, 102490.

CERT (2017). WannaCry Ransomware, Pobrano z: https://cert.pl/posts/2017/05/wannacry-ransomware/ Dostęp: 12.07.2024

CERT (2021). Poradnik ransomware

CERT (2024). Raport roczny z działalności CERT POLSKA 2023.

CERT Orange Polska (2024). Raport CERT Orange za 2023 rok.

Cobb, C., Cobb, S., Kabay, M. E. i Crothers, T. (2012). Penetrating computer systems and networks. Computer Security Handbook, 15-1.

ENISA (2020), Ransomware ENISA Threat Landscape.

ENISA (2023), ENISA Threat Lanscape: Health Sector

Garg, D., Thakral, A., Nalwa, T. i Choudhury, T. (2018). A past examination and future expectation: Ransomware. In 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE) (pp. 243-247). IEEE.

Król, P. (2024). Phishing jako zagrożenie dla bezpieczeństwa bankowości cyfrowej. Bezpieczny Bank, 94(1), 25–42. https://doi.org/10.26354/bb.2.1.94.2024

Kshetri, N. i Voas, J. (2017). Do crypto-currencies fuel ransomware?. IT professional, 19(5), 11-15.

Liu, Y., Zhuge, J. i Wu, Y. (2018). Threat and defense of new ransomware worm in industrial control system. Journal of Computer Applications, 38(6), 1608.

NCC (2021). “We wait, because we know you.” Inside the ransomware negotiation economics. Pobrano z: https://research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-the-ransomware-negotiation-economics/ (Dostęp: 06.07.2024)

Niebezpiecznik.pl (n.d.) Masz Androida? Uważaj na ataki drive-by-download Pobrane z: https://niebezpiecznik.pl/symantec/masz-androida-uwazaj-na-ataki-drive-by-download/ (Dostęp: 06.07.2024 r.)

O'Gorman G. i McDonald, G. (2012). Ransomware: A growing menace. Arizona, AZ, USA: Symantec Corporation.

O'Kane, P., Sezer, S. i Carlin, D. (2018). Evolution of ransomware. Iet Networks, 7(5), 321-327.

Paul Joseph, D. i Norman, J. (2020). A review and analysis of ransomware using memory forensics and its tools. In Smart Intelligent Computing and Applications: Proceedings of the Third International Conference on Smart Computing and Informatics, Volume 1 (pp. 505-514). Springer Singapore.

Rządowe Centrum Bezpieczeństwa. (2023). Narodowy Program Ochrony Infrastruktury Krytycznej: Załącznik 1. Standardy służące zapewnieniu sprawnego funkcjonowania infrastruktury krytycznej – dobre praktyki i rekomendacje. https://www.gov.pl/attachment/02553b90-184a-42c5-8445-5f9b1f0b74ee

Sekurak.pl (2021). Ransomware i wyciek w gminie Nowiny. Pobrano z: https://sekurak.pl/ransomware-i-wyciek-w-gminie-nowiny/ (Dostęp: 06.07.2024)

Sekurak.pl (2022a). Szpital Matki Polki w Łodzi zainfekowany ransomware. Informują również o „możliwym wycieku”. Pobrano z: https://sekurak.pl/szpital-matki-polki-w-lodzi-zainfekowany-ransomware-informuja-rowniez-o-mozliwym-wycieku/ (Dostęp: 06.07.2024)

Sekurak.pl (2022b). Ransomware w szpitalu w Pajęcznie: Nastąpiła „niespodziewana awaria systemu informatycznego”. Pobrano z: https://sekurak.pl/ransomware-w-szpitalu-w-pajecznie-nastapila-niespodziewana-awaria-systemu-informatycznego/ (Dostęp: 06.07.2024)

Sekurak.pl (2023). Cyberatak na Centralny Szpital Kliniczny Uniwersytetu Medycznego w Łodzi Pobrano z: https://sekurak.pl/cyberatak-na-centralny-szpital-kliniczny-uniwersytetu-medycznego-w-lodzi/ (Dostęp:06.07.2024)

Simoiu, C., Bonneau, J., Gates, C. i Goel, S. (2019). " I was told to buy a software or lose my computer. I ignored it": A study of ransomware. In Fifteenth symposium on usable privacy and security (SOUPS 2019) (pp. 155-174).

Singhal, M. i Levine, D. (2019, October). Analysis and categorization of drive-by download malware. In 2019 4th International Conference on Computing, Communications and Security (ICCCS) (pp. 1-4). IEEE.

Snoke, T. D. i Shimeall, T. J. (2020). An updated framework of defenses against ransomware. Technical report, Carnegie-Mellon Univ Pittsburgh, PA.