Malware Threats

Ransomware Attacks

Ransomware has become one of the most devastating cyber threats facing individuals, businesses, and government agencies in Malaysia and around the world. This malicious software encrypts a victim's files or locks them out of their systems, then demands a ransom payment — often in cryptocurrency — in exchange for restoring access.

No one is immune. From hospital networks to school systems, from small businesses to government agencies, ransomware attackers target any organisation that relies on its data to operate. In Malaysia, the threat has grown sharply, with hundreds of incidents reported to CyberSecurity Malaysia in recent years.

What Is Ransomware?

Ransomware is a type of malicious software that denies access to a victim's data — typically by encrypting files — until a ransom is paid. Modern ransomware uses strong encryption algorithms that make it mathematically impossible to recover files without the decryption key held by the attacker.

Once executed on a system, ransomware often spreads rapidly across connected drives and network shares, encrypting every file it finds. Victims are presented with a ransom note containing payment instructions and often a countdown timer to pressure quick payment.

How Ransomware Spreads

Ransomware can infect systems through several common vectors:

  • Phishing Emails: The most common method — attackers send emails with malicious attachments (PDFs, Office documents, ZIP files) or links that download ransomware when clicked
  • Malicious Downloads: Fake software installers, cracked applications, and infected files from untrusted websites
  • RDP Attacks: Attackers scan the internet for systems with exposed Remote Desktop Protocol (RDP) ports and use brute force or stolen credentials to gain access
  • Drive-By Downloads: Visiting a compromised website can trigger automatic downloads of ransomware without any user interaction
  • Supply Chain Attacks: Malicious code is injected into legitimate software updates or tools used by the target

High-Profile Attacks in Malaysia

Malaysia has experienced several significant ransomware incidents in recent years:

Government Agencies: Multiple government departments have been targeted, with attackers exploiting unpatched vulnerabilities and weak network segmentation. These attacks disrupted public services and raised national security concerns.

Hospitals and Healthcare: Healthcare institutions in Malaysia have been hit hard, with ransomware attacks forcing hospitals to cancel surgeries, divert emergency patients, and revert to paper records. The disruption to critical care makes healthcare a particularly dangerous target.

Schools and Universities: Educational institutions have become prime targets due to limited cybersecurity budgets and large volumes of sensitive student and research data. Several Malaysian universities have suffered ransomware attacks that encrypted research data and student records.

The Double Extortion Model

Modern ransomware gangs have adopted a double extortion strategy. Before encrypting files, attackers exfiltrate sensitive data. If the victim refuses to pay the ransom to decrypt their files, the attackers threaten to leak the stolen data publicly. This puts additional pressure on organisations that handle sensitive customer or patient data.

Some attackers have even adopted triple extortion — adding distributed denial-of-service (DDoS) attacks or directly contacting customers, partners, and regulators to maximise pressure on the victim.

Ransomware Prevention Checklist

  • Maintain offline, encrypted backups of all critical data
  • Apply security patches and updates promptly
  • Use strong, unique passwords and enable multi-factor authentication
  • Never open suspicious email attachments or click unknown links
  • Segment networks to limit ransomware spread
  • Restrict administrative privileges to only those who need them
  • Install and maintain reputable antivirus and anti-malware software
  • Disable RDP if not needed; use VPN if remote access is required
  • Conduct regular cybersecurity awareness training for all staff
  • Develop and test an incident response plan

Why Paying the Ransom Is Not Recommended

Law enforcement agencies, including CyberSecurity Malaysia and the Royal Malaysia Police, strongly advise against paying ransoms. Here's why:

  • No guarantee: Paying does not guarantee you will get your data back. Some attackers take the money and disappear
  • Funding crime: Ransom payments fund further criminal activities, including attacks on other victims
  • Targeting repeats: Organisations that pay are often targeted again, as attackers know they are likely to pay
  • Legal risks: Paying a ransom to sanctioned entities may violate international sanctions laws

Protecting Against Ransomware

Backups are your best defence. Maintain regular backups of all critical data using the 3-2-1 rule: three copies of your data, on two different types of media, with one copy stored off-site or offline. Cloud backups with versioning provide an additional layer of protection against encrypted files being synced.

Keep systems updated. Ransomware often exploits known vulnerabilities in software and operating systems. Enabling automatic updates reduces your exposure to these attacks.

Be cautious with email. Verify unexpected emails, especially those with attachments or links. Look for signs of phishing — urgency, generic greetings, spelling errors, and mismatched sender addresses.

Use the principle of least privilege. Ensure users and systems have only the minimum access necessary to function. This limits the damage ransomware can do once inside your network.

What to Do If You Are Infected

If you suspect a ransomware infection:

  • Disconnect immediately: Isolate the infected device from the network and all drives to prevent the ransomware from spreading
  • Do not pay the ransom: There is no guarantee you will recover your data, and payment funds criminal activity
  • Report the incident: Contact CyberSecurity Malaysia's Cyber999 emergency response centre immediately at 1-800-88-2999 or report online
  • Preserve evidence: Do not reboot or shut down the infected system — this may destroy forensic evidence that could help investigators
  • Engage professionals: Work with cybersecurity experts to assess the extent of the infection and safely restore systems from backups

RM1 Billion+

Estimated annual losses from ransomware attacks in Southeast Asia

72%

Of Malaysian businesses reported ransomware attacks in the past year

RM450K

Average ransom demand faced by Malaysian organisations in 2025

Ahmad Razali

Ahmad Razali

Malware Research Lead

Ahmad Razali is a cybersecurity researcher specialising in malware analysis and ransomware defence. He contributes to the CyberSafe Malaysia editorial team, a cybersecurity awareness initiative by CyberSecurity Malaysia & NACSA dedicated to protecting Malaysians from digital threats.

← Back to Articles