
    The 5 most dangerous ransomware attacks in Poland. Is your company really safe?

    Date: 04.04.2023

    Category: Security

    According to the portal, ransomware gangs steal huge amounts of data monthly – over 10 terabytes. To better illustrate this – 10 TB is 10,000 hours of Full HD video (each hour is about 1 GB) or 2,500 hours of 4K video. It fires the imagination, doesn’t it?

    We know from the KPMG report “Cybersecurity Barometer 2022” that almost 2/3 of the surveyed organizations reported security breaches, and almost 1/3 admitted that they had been the victim of a ransomware attack in the past.

    Cyberattacks are common today. The most technologically advanced companies become the prey of hackers. The question today is not “if?” but “when?” there will be a cyberattack in the organization. There are no safeguards to guarantee security, making investments in security monitoring and response to cyberattacks critical. Only thanks to them it is possible to shorten the time in which an undetected hacker works with impunity in the company’s infrastructure. Time, which is currently on average over half a year and is strongly correlated with the level of losses incurred.

    -Michał Kurek, Head of the Cybersecurity Team at KPMG in Poland and Central and Eastern Europe

    In 2022, as many as 69% of Polish companies recorded at least one cybersecurity breach incident
    According to managers, ransomware is now the greatest cybersecurity threat
    In 2022, 1/3 of firms recorded an increase in the intensity of cyberattacks on their systems

    What is ransomware?

    Ransomware is nothing more than malicious software with which criminals block access to data or computer systems. Their most common motivation is quick money, so they demand a ransom from the victim in exchange for data decryption.

    Ransomware attacks are becoming more common and technologically advanced, and their effects can be extremely serious for victims. It is especially important to protect company systems and data against this type of cyberattack with appropriate safeguards – starting with the simplest ones, such as regular updates, antivirus software, firewalls, as well as routine data backup.

    What does a typical ransomware cyberattack look like?

    1. Infection – Attackers usually use malware (e.g. a Trojan) to detect vulnerabilities in the victim’s system and gain access to the system. Malware is usually hidden in e-mail attachments, enticing advertisements or fake websites.
    2. Encryption – Once the malware gains access to the system, it encrypts the victim’s data such as files, folders, databases, and even entire hard drives. Victims are often warned by attackers that their data is locked and they will have to pay a ransom to regain access.
    3. Blackmail – Hackers contact the victim and demand money in exchange for a decryption key that will allow the victim to regain access to their data. They often request payments in cryptocurrencies or other forms that are difficult to track and identify. They may also threaten to resell the stolen data to other criminals or entities competing with the victim.
    4. Ransom Phishing – After the ransom is paid, attackers often refuse to unlock data or require further payments. Their goal is to extort as much money from the victim as possible, which is why they often use emotional blackmail and even threats to force the victim to pay more.

    The number of successful ransomware attacks has increased dramatically over the last few years. 60% of attacked organizations break under the pressure of cybercriminals and pay the ransom.

    5 incidents from Poland show that hackers are not sentimental and will not spare anyone

    Their victims are not only “ordinary” enterprises, but also educational institutions, and even life-saving ones.

    Ransomware attack on the Polish Medical Air Rescue (February 2022)

    For over a week, Polish Medical Air Rescue units across the country were unable to use their computer systems, including those crucial for its operation, such as the system for sending information about ongoing interventions, website and e-mail. The cybercriminals demanded a ransom of USD 390,000, or about PLN 1.5 million.

    Cyberattack on the Institute of the Polish Mother’s Memorial Hospital in Łódź (November 2022)

    The target of hackers was the Institute of the Polish Mother’s Memorial Hospital in Łódź. In order to minimize the effects of the cyberattack, the hospital decided to temporarily disable its IT systems and serve patients using traditional paper documentation. This severely disrupted the normal functioning of the institution, delaying the issuance of medical records, discharge of patients and a number of other highly sensitive procedures.

    Cyberattack on the Marshal’s Office of the Mazowieckie Voivodeship (December 2022)

    Hackers encrypted access to the Electronic Document Management system at the Marshal’s Office of the Mazowieckie Voivodeship. This led to the disconnection of the project infrastructure of the Regional Node, and over 300 local government units lost access to it, having to disconnect from the network. The Marshal’s Office also lost access to the personal data it administered. A leak or disclosure of this data has not been officially confirmed, but the office stated that “there is a high probability that the data processed in the systems affected by the incident are in the possession of third parties.”

    Cyberattack on the University of Arts Magdalena Abakanowicz in Poznań (January 2023)

    After breaking the security, the hackers compromised the protection of information on several hundred employees and collaborators of the university. Sensitive personal data such as names, addresses or the series and number of the ID card was exposed to the leak. The attack led to a several-day blockade of the university’s IT infrastructure, and the endangered server environment supporting the HR and payroll system had to be eliminated and rebuilt. This was made possible by the existence of a backup.

    Cyberattack on the Silesian Public Services Card system (February 2023)

    Cybercriminals attacked the system of the Silesian Card of Public Services, used, among others, to pay for parking or public transport tickets in the Metropolis of Upper Silesia and Zagłębie. The lockdown disrupted the daily lives of nearly 2 million people in the area for almost two weeks. The system was restored using daily backups, and passengers’ personal data was not at risk simply because the system did not collect it.

    What can be the risk of data loss due to ransomware attacks?

    A cyberattack related to the violation of personal data protection rules, i.e. data theft, may entail a number of unpleasant consequences.

    If you don't regularly back up your corporate data, you can lose access to it. Forever
    Cybercriminals can impersonate us to obtain further data using phishing or spoofing techniques
    Stolen personal data can be used to extort credits and loans or commit other serious crimes
    Our confidential or compromising data can be used to commit further crimes or sold on the black market
    It disrupts or stops business operations for a long time, and can even lead to bankruptcy and the end of the attacked company's existence
    Undoubtedly, it affects the reputation of the company and the loss of trust of customers and contractors
    Making personal data public means severe penalties imposed on entities that have insufficiently secured information subject to protection under the GDPR
    Ransom payments, data recovery, restoring the operation of the infected infrastructure, hiring cybersecurity specialists and loss of business revenues all cost money. And a lot of it

    How to protect yourself against ransomware?

    Back up your data regularly

    Preferably on external hard drives or in the cloud. Ideally – according to the 3-2-1 rule. For all data, create three copies, on two different storage media, with one copy stored off-site.
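
An added example, not part of the original article: a short audit that checks a backup inventory against the 3-2-1 rule described above. The inventory rows, dataset names, the 7-day freshness window and the choice to count the production copy as one of the three copies are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed inventory: (dataset, storage medium, location, last good backup).
# Assumption: the production copy counts as one of the three copies.
INVENTORY = [
    ("hr-payroll", "disk",  "onsite",  date(2023, 4, 3)),
    ("hr-payroll", "nas",   "onsite",  date(2023, 4, 3)),
    ("hr-payroll", "cloud", "offsite", date(2023, 4, 2)),
    ("documents",  "disk",  "onsite",  date(2023, 4, 3)),
    ("documents",  "disk",  "onsite",  date(2023, 4, 3)),
    ("documents",  "disk",  "onsite",  date(2023, 4, 2)),
    ("ticketing",  "disk",  "onsite",  date(2023, 4, 3)),
    ("ticketing",  "nas",   "onsite",  date(2023, 4, 3)),
    ("ticketing",  "tape",  "offsite", date(2023, 2, 1)),  # stale copy
]


def audit_321(inventory, today, max_age_days=7):
    """Return {dataset: [violations]}; an empty list means 3-2-1 is met.

    Copies older than max_age_days are ignored: a backup that has not
    succeeded recently does not protect current data.
    """
    cutoff = today - timedelta(days=max_age_days)
    fresh = {}  # dataset -> [(medium, location)] of recent copies
    for name, medium, location, last_ok in inventory:
        copies = fresh.setdefault(name, [])  # keep datasets with no fresh copy
        if last_ok >= cutoff:
            copies.append((medium, location))

    report = {}
    for name, copies in fresh.items():
        problems = []
        if len(copies) < 3:
            problems.append("copies<3")
        if len({medium for medium, _ in copies}) < 2:
            problems.append("media<2")
        if not any(location == "offsite" for _, location in copies):
            problems.append("no-offsite")
        report[name] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY, date(2023, 4, 4)).items():
        print(dataset, "OK" if not problems else "FAIL: " + ", ".join(problems))
```

The "ticketing" dataset shows the case that a simple count misses: it has an off-site tape, but the tape is two months old, so the dataset fails both the copy count and the off-site leg.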

    Do not open suspicious links and email attachments

    Especially if they are sent by unknown people, from suspicious domains or contain time-limited, extremely tempting offers. Avoid downloading software from dubious sources. You can use DNS protection to avoid risk.

    Keep your software and operating system up to date

    Regularly use the latest security releases and hardware manufacturer support. Take care of the hygiene of your network and properly manage access permissions to corporate resources.

    Use a firewall and antivirus software

    Remember to guarantee protection on all edge devices. Check what next-generation firewalls can do for you.

    Create response procedures in the event of a hacker attack

    Make sure that your company’s cybersecurity policy spells out what to do when unwanted visitors appear online.

    Create and enforce a policy to only use company-owned, trusted hardware

    Unless it is necessary, do not let employees use private devices or data carriers in the company. Their status and condition are a mystery to you, and they can easily become a source of infection. NAC systems and software capable of blocking unauthorized data carriers will effectively help in achieving this goal.

    Hackers around the world are not idle, initiating about 2 million attacks a year using the latest technologies. The authors of the Accenture report “State of Cybersecurity Resilience 2021” estimated that in 2023 the global cost of cybercrime will exceed $11 trillion, to double in 2027 and reach almost $24 trillion.

    It must not be forgotten that intensive digitization and the use of the network in subsequent spheres of life are associated with an increased need for continuous, active defence against cyber threats. Negligence in the field of IT security is basically opening the door wide to our business and inviting cybercriminals to earn money at our expense. Protect yourself against them so that you don’t have to learn from your mistakes.

    Do you want to be able to effectively resist a ransomware cyberattack? Talk to our experts during a free consultation and learn more about effective cyber protection.


    Magdalena Sikorska

    Marketing Specialist at Grandmetric
