According to data from ESET, in the first half of 2025, Poland ranked first globally in the number of detected ransomware attacks, accounting for 6% of all global incidents—surpassing even the United States. Ransomware, a type of malicious software that encrypts data and demands payment for its release, has long been one of the most serious threats in cyberspace. Worldwide, the number of detected ransomware attacks rose by 30%, yet the total value of ransoms paid decreased by 35%. This decline is attributed in part to law enforcement efforts and a decreasing level of “trust” in cybercriminal groups. For Polish businesses, this is a clear signal that investment in cybersecurity should now be a top priority.

The Human Factor: Internal Weaknesses in Polish Companies

Poland’s high position in ransomware detection rankings is not solely the result of external threats. It also stems largely from internal weaknesses within domestic companies. Only 59% of Polish businesses report using security software—meaning over one-third operate without this essential layer of cyber protection. The scale of the issue is highlighted by the fact that 88% of organizations in Poland have experienced a cyberattack or data breach in recent years.

These technological gaps are compounded by a significant lack of basic cybersecurity knowledge among employees. Only 19% of employees in Poland understand the term “ransomware.” By comparison, identity theft (78%) and phishing (60%) are much more widely recognized. This low awareness level makes organizations particularly vulnerable to cybercriminal tactics. The problem is worsened by a widespread lack of training: over half (52%) of Polish employees have not attended any cybersecurity training in the past five years. While training is cited as an investment priority, only 26% of employees have completed more than one training during that time.

“Cybersecurity budgeting and spending are often driven by factors other than business strategy. Unlike IT infrastructure investments—which business leaders now associate with growth after years of digitalization—cybersecurity investments are often prompted by external pressures like government regulations or business partner requirements. Companies that experience incidents tend to increase cybersecurity spending. These scenarios show that decision-makers still lack conviction about the role cyber resilience plays in organizational development, often increasing budgets only after suffering losses. This reactive approach reveals a low level of awareness about the importance of cybersecurity,” says Dawid Zięcina, Technical Department Director at DAGMA IT Security.

The Evolving Threat Landscape

The ransomware world is currently highly unstable, mainly due to intense rivalries between cybercriminal groups. Experts even describe this as a “life-or-death battle” among cyber gangs. For instance, in March 2025, the DragonForce group disrupted the operations of a major criminal platform, RansomHub, which offers ransomware-as-a-service—a model where criminals lease attack tools to other hackers.

These internal conflicts haven't stopped threat actors from developing increasingly sophisticated attack methods. One of the fastest-growing threats is the ClickFix technique, whose use has surged by 517% in the past six months, making it the second most common attack vector after phishing.

“ClickFix is based on a fake error message designed to resemble familiar verification windows like reCAPTCHA, which ask users to select images or enter text to prove they’re not bots. Cybercriminals mimic this format to trick victims into copying and running a malicious script on their device—under the pretense of fixing a problem or completing verification. In doing so, unsuspecting users activate dangerous code that can lead to ransomware infections, trojans, or data-stealing programs,” explains Kamil Sadkowski, ESET malware analyst.

Notably, in the first half of 2025, ransomware campaigns using ClickFix have already impersonated popular business tools like Microsoft Teams. With employee awareness of ransomware still low, this method could prove especially effective.

How to Effectively Protect Your Company

With cyberattacks growing more advanced and Poland increasingly targeted by cybercriminals, investing in strong cybersecurity is no longer optional—it’s essential. Effective protection against ransomware requires a multi-layered approach that combines technology, policy, and employee awareness.

Mandatory, regular training should be implemented across all levels of an organization to help employees recognize threats like phishing and newer social engineering tactics. Equally important is the implementation and enforcement of clear security policies, along with periodic exercises and attack simulations to test team readiness.

Technological investments are also crucial. At the foundation lies the widespread adoption of up-to-date antivirus software, complemented by modern tools such as EDR/XDR systems that can detect unusual system activity.

“Multi-factor authentication (MFA) should now be standard, as it significantly hinders account takeovers even in the event of a data breach. Regular backups—stored in isolated, secure locations—are also vital. Finally, companies should use only trusted software sources and apply role-based permissions to reduce the risk of infection,” emphasizes Kamil Sadkowski.

Poland has been in cybercriminals’ crosshairs for some time—and there’s no sign that this trend will reverse anytime soon. These threats impact public institutions, private users, and businesses alike. That’s why organizations must build resilience proactively, treating digital security as an integral part of their development strategy.

(WBJ)