Malaysia’s burgeoning digital economy, pivotal to its Vision 2024 ambitions, faces an unprecedented challenge: ransomware. As local enterprises navigate the complexities of digital transformation, the spectre of ransomware looms large, threatening to derail progress.

This article offers a comprehensive exploration of the ransomware threats besieging Malaysian businesses, spotlighting their perilous impact. We illuminate the path forward for businesses grappling with this digital menace through expert insights and analysis.

Targeted at industry leaders and cybersecurity professionals, the piece unpacks the nature of ransomware, prescribes actionable strategies to fortify defences, and explains how IGS can help you on your journey to ensure robust protection against ransomware.

Whether you are at the helm of a financial powerhouse or steering a tech startup, understanding and mitigating ransomware risks is critical for safeguarding your digital future.

 

Ransomware Attack Landscape in APAC

Ransomware continues to grow as one of the top cybersecurity concerns Malaysian organisations face. A report from Zscaler reveals that ransomware attacks increased by over 37% in 2023 compared to the previous year, with a $5.3 million average demand.

Ransomware attacks constantly evolve, with attackers continually developing new techniques to overcome increasingly innovative cybersecurity technologies. The 2023 midyear cybersecurity report by Trend Micro notes that threat actors are now using new programming languages to compile ransomware, both to avoid detection and to make analysis harder.

The leading causes of ransomware attacks included exploited vulnerabilities, compromised credentials, malicious emails, phishing attacks, brute force attacks, and infected downloads. The growing rate of ransomware attacks and the evolution of adversaries’ attack tactics, worldwide and in Malaysia, signify the importance of organisations implementing robust cybersecurity protection measures.

 

The Origins of Ransomware

What is ransomware?

Ransomware is malicious software designed to block access to computer systems or data until money is paid. This cyber extortion tool often encrypts the victim’s files, making them inaccessible, and demands a ransom for the decryption key. It’s a digital shakedown that exploits the vulnerabilities of digital systems, targeting various sectors, including businesses, healthcare, and government agencies. Its sophistication and the ease with which it can be deployed make it a favoured weapon among cybercriminals.

The concept of ransomware is not new. The first documented case dates to 1989 with the AIDS Trojan, also known as the PC Cyborg Virus.

Initially, ransomware was distributed via physical means, such as floppy disks, and demanded payments via snail mail. However, ransomware attacks have grown exponentially with the advent of the internet and digital payment systems.

They have evolved from simple locker viruses, which restricted access to the system, to more advanced crypto ransomware, which encrypts individual files and demands payment in cryptocurrencies.

 

5 Types of Ransomware Threats That Haunt Businesses In Malaysia

1. Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) has revolutionised the cybercrime landscape by making sophisticated cyberattacks accessible to individuals without extensive technical skills. This model operates on a subscription basis, offering ransomware tools with user-friendly interfaces and dedicated customer support. These tools’ ease of use and availability have dramatically increased the number of ransomware attacks.

How Do RaaS Attacks Happen?

A business in Malaysia, for example, could find itself the target of an attacker who, with little effort, subscribes to a RaaS platform to exploit the business’s vulnerable IT infrastructure. The data becomes encrypted, operations are disrupted, and a significant ransom is demanded to return critical information.

This trend is underscored by the activities of groups like LockBit 3.0, a Russian-linked ransomware gang responsible for most RaaS attacks in Malaysia following the start of the Russia-Ukraine war in 2022.

2. Lockers

Locker ransomware focuses on denying users access to their devices by locking them out of the operating system. This approach disrupts operations by preventing access to essential systems and data.

How Does a Locker Ransomware Attack Happen?

When activated, it displays a ransom note directly on the screen at startup, effectively paralysing an organisation by holding its operational capabilities hostage.

The danger of such attacks is underscored by past incidents where significant entities, such as one of Malaysia’s leading media companies, faced demands for USD 6.45 million to restore access to their email systems.

3. Scareware

Scareware is a cunning threat that preys on an individual’s and business’s fears by presenting fake warnings about non-existent security breaches.

This tactic involves displaying fictitious antivirus alerts or system cleanup prompts designed to look alarmingly real. Users are bombarded with these deceptive notifications, urging them to hastily pay for unnecessary “security” services or software to resolve the supposed issues.

How Does a Scareware Ransomware Attack Happen?

A typical scenario might see an unsuspecting user confronted with a dire warning of a detected virus, leading them to purchase a so-called premium antivirus solution, only to later discover their system was never compromised.

Launched amidst the 2020 COVID pandemic, the Cryxos scareware campaign targeted Windows users with alarming pop-ups about fabricated pandemic-related security threats, exploiting widespread anxiety to trick victims into buying bogus security software.

The effectiveness of scareware lies in its ability to exploit human psychology, leveraging the instinctive response to a perceived threat to extract money under false pretences.

4. Crypto Ransomware

Crypto ransomware uses robust cryptographic encryption algorithms to lock files, making them inaccessible without a decryption key. This threat has led to significant attacks impacting individual and company data. It often spreads through phishing emails or harmful downloads.

How Does a Crypto Ransomware Attack Happen?

For example, imagine an employee of a leading bank in Malaysia clicking on what looks like a legitimate email only to have sensitive customer data encrypted.

The bank must then decide whether to pay the ransom to get the data back or face losing customer trust and possible legal issues.

In 2021, the CryptoLocker ransomware group attacked over a million systems, leveraging the Gameover Zeus botnet. The ransom demanded from victims was relatively modest, ranging from USD 100 to USD 300, with payment accepted in various digital currencies.

5. Extortionware, Doxware or Leakware

Doxware, or Leakware, poses a unique threat by holding sensitive information hostage, with attackers threatening to release it unless a ransom is paid. This type of ransomware focuses on personal and corporate data, leveraging the fear of reputational damage and potential legal repercussions to enforce its demands. The urgency is amplified by time-sensitive ransom demands.

How Does an Extortionware, Doxware or Leakware Attack Happen?

To illustrate, in a scenario where a Malaysian law firm is compromised by Doxware, the firm faces a dire choice between paying a hefty ransom or risking the exposure of confidential client information, leading to a breach of confidentiality.

Such attacks are not mere threats but are executed with sophistication, as seen with Clop ransomware activities orchestrated by threat actors like TA505. These attackers employ a mix of phishing, remote access trojans (RATs), lateral movement within networks, data theft, encryption, and public exposure of stolen data on platforms like the “CL0P^_- LEAKS” site.

Uncertainty exists even after making the ransom payment as the threat actor may decide to sell the data on the black market or return to make further demands.

 

How does ransomware affect businesses in Malaysia?

A survey conducted by Fortinet and International Data Corporation found that over 50% of organisations in Malaysia have reported that ransomware attacks have increased two-fold. Phishing was also ranked as the main cyber threat in the country by 54% of the respondents of the same survey.

It is evident that ransomware poses a significant threat to businesses, both large and small. It can encrypt critical business data upon successful infiltration, making it inaccessible and halting operations. This disruption can lead to substantial financial losses, not just from the ransom demanded but also from the impact on business continuity.

The longer the data remains inaccessible, the greater the potential loss. Furthermore, businesses may suffer reputational damage if stakeholders perceive cybersecurity measures as inadequate.

An analysis of ransomware groups’ campaigns reveals a disturbing trend: in a staggering 85.2% of cases, attackers follow through with their threats, exposing victim companies’ data. This is evident from the pie chart. In contrast, a mere 14.8% of cases involve only announcements, likely intended to intimidate or for public posturing, without actual data exposure.

Figure 1. Percentage of ransomware attackers that follow through with their threats.

The same analysis highlighted particular sectors in Malaysia that have been targets for ransomware attacks; these industries include manufacturing, education, logistics, banking and others. It is important to note that the industries and sectors experiencing the effects of ransomware are widely diverse; malicious actors tend to cast a wide net to infiltrate different types of organisations.

The pervasiveness of ransomware attacks necessitates a heightened sense of vigilance across all organizational scales. The aftermath of a ransomware attack often extends beyond the immediate financial impact, leading to a comprehensive evaluation of cybersecurity practices and, in many cases, regulatory scrutiny.

Regardless of the perceived magnitude of the attack, even seemingly minor incidents can trigger a cascading effect of disruptions, impacting not only the targeted entity but also the broader ecosystem and economic stability.

 

The future of ransomware threats in Malaysia

Encryptionless Ransomware Attacks

The rise in encryptionless ransomware attacks in recent years reflects a strategic pivot by cybercriminals, focusing on data exfiltration to streamline profit generation. This method circumvents the complexities of encryption and decryption, facilitating quicker financial extortion without the need for sophisticated software development.

AI-powered ransomware attacks

AI-enhanced phishing techniques are pushing ransomware attacks to unprecedented efficiency and frequency. This surge is driven by AI’s capability to automate and refine attack vectors, making these cyber threats more elusive and successful. This signals an era where artificial intelligence significantly amplifies cybercriminal capabilities.

New Ransomware-as-a-Service (RaaS) offerings

Ransomware-as-a-Service (RaaS) platforms are democratising the ability to launch ransomware attacks, significantly lowering the technical barrier for entry. By offering ransomware deployment tools on a subscription basis, RaaS is fuelling a rise in ransomware incidents by making these resources readily accessible to a broader audience.

Attacks on cloud services

As businesses increasingly rely on cloud-based operations, the attack surface expands, leading to a surge in incidents exploiting cloud infrastructures. This trend reflects the evolving landscape of cyber threats, where cloud vulnerabilities are becoming a primary focus for attackers.

There’s a rising trend in cloud-based security incidents, as evidenced in a security report in 2022. It notes that 26% of respondents have observed a spike in malware incidents, 25% have seen an uptick in ransomware attacks, and 19% have reported a growth in phishing and whaling activities.

 

Preventative measures and best practices to keep your business secure from ransomware threats

Multi-Factor Authentication

Multi-factor authentication adds an extra layer of security by requiring two or more verification factors to access digital resources. This method combines something you know (like a password), something you have (like a smartphone), and something you are (like a fingerprint).

Elevate your security measures to new heights with IGS’s MFA offering, the ultimate defence against ransomware threats. By adding an essential layer of verification, our solution fortifies your defences, drastically minimizing the risk of unauthorized access—a prevalent gateway for ransomware attacks.

Imagine a scenario where a password is compromised. With MFA, the breach stops there, as the attacker lacks the second factor to proceed, significantly reducing the risk of unauthorised access.

Safeguard your data and assets with confidence, knowing that IGS is your trusted ally in the fight against cyber threats.

Protect & Manage Endpoints

Endpoints – like laptops, mobile phones, and tablets – are gateways to your network. Protecting and managing these devices through endpoint security software helps identify, block, and contain attacks.

Unlock the power of unparalleled endpoint protection with IGS’s innovative EPP offerings. Seamlessly integrating comprehensive endpoint protection, including EDR, application control, and vulnerability management, our solution forms an impenetrable shield around all endpoints.

This solution scans for malware and unusual behaviour patterns, ensuring devices comply with security policies. For instance, if an employee’s device is compromised, the software can isolate the device to prevent the spread of the threat.

Experience the peace of mind that comes with proactive defence mechanisms, enabling early threat detection and rapid response times, ultimately fortifying your business’s most critical assets.

Employ Network Security Solutions

Inadequate network defences put organizations at risk of ransomware infiltrations, endangering sensitive data and critical operations. Therefore, securing the network perimeter is essential for any comprehensive cyber defence strategy.

This can be a firewall, which acts as a security guard between your network and the internet by monitoring incoming and outgoing traffic based on security rules, or an Intrusion Prevention System, which analyses network traffic to identify malicious activities and automatically block attacks.

Our Network Security offerings employ next-generation firewalls and intrusion prevention systems to create a formidable barrier against malicious traffic. By monitoring and empowering you with full access management to your network, IGS ensures that threats are neutralised before they can cause harm, protecting your infrastructure from the edge inward.

Extended Detection and Response (XDR)

XDR provides a holistic view of threats across all endpoints, networks, and cloud services by integrating various security solutions.

XDR correlates data from multiple sources to detect threats more accurately and respond faster.

IGS offers XDR solutions that seamlessly collect and correlate data across multiple security layers including email, endpoint, server, cloud workload, and network. By enhancing threat detection and accelerating response times, our integrated approach ensures a higher level of security analysis and incident resolution.

For example, if a phishing email bypasses initial defences, XDR can quickly identify and quarantine the email, minimising potential damage.

Email Security Gateways

Email Security Gateways protect against threats transmitted via email by blocking spam, phishing attacks, and malware.

Email is a common attack vector, so a gateway serves as a crucial barrier. Picture a scenario where a malicious email is intercepted before reaching the recipient, thus averting a potential data breach.

IGS’s advanced solution serves as a vigilant gatekeeper, intercepting malicious content before it infiltrates your network and wreaks havoc. By detecting and neutralizing potential ransomware gateways, we provide a robust defence against cyber threats. You can rest assured that your email communications are shielded with state-of-the-art protection, ensuring the integrity and security of your business operations.

Encrypt Data with Backup & Recovery Solution

Backup and recovery solutions are essential tools that ensure the safety and accessibility of data in the event of unexpected incidents such as ransomware. These solutions create copies of data and store them securely, allowing businesses to restore information quickly and efficiently if it is lost or compromised. Therefore, effective backup and recovery solutions are critical for resilience and continuity.

IGS’s Backup & Recovery offerings provide secure, encrypted cloud backups and offsite data storage, ensuring your data is recoverable during an attack. With our comprehensive disaster recovery planning, minimize downtime and data loss, ensuring a seamless return to normal operations.

Use Reliable & Frequently Updated Software & Platforms

Ensuring your business uses reputable software and platforms and keeping them up to date is fundamental.

This practice patches vulnerabilities, reducing the risk of exploitation. For instance, a regularly updated financial management system can thwart an attack that exploits an old vulnerability, safeguarding financial data.

IGS’s Tech Refresh service gives you access to our expert team, who analyse your existing systems and craft a personalized approach to upgrading legacy hardware, software, and platforms. By embracing the latest technologies and security protocols, we ensure that your infrastructure remains robust and fortified against emerging threats.

 

Conclusion

Embracing these best practices and fostering a culture of security awareness are essential steps towards defending against current threats and preparing for future uncertainties. The journey towards cybersecurity maturity is continuous, demanding vigilance and preparedness at every turn. In an era of evolving digital threats, these principles are the key to securing a safe and resilient digital future for businesses in Malaysia.

As businesses in Malaysia navigate the complex cybersecurity landscape, partnering with a trusted ally like IGS can provide peace of mind. As a leading managed services provider and system integrator, IGS offers secure end-to-end cybersecurity solutions to defend your business from evolving threats.
