Ransomware Attack


In Malaysia, ransomware attacks have become more frequent, and regrettably, skilled hackers are not the only ones adding to the problem. Ransomware attackers are taking advantage of the lack of cybersecurity protection and holding crucial data for ransom.

Most businesses are reluctant to acknowledge that they have been victims of ransomware attacks because it could harm their company’s reputation. According to MyCERT, 1,023 cases were recorded in 2022, and the trend has kept increasing since 2005.


What Is Ransomware and How Ransomware Works

Ransomware is malicious software that can wreak havoc on computer systems by locking up essential files and demanding payment for their release. It’s a devastating cyberattack that can have severe consequences for individuals and businesses.

Once ransomware has infected a computer system, it encrypts files and renders them inaccessible to the victim. The attackers then demand payment, typically in cryptocurrency, for a decryption key to unlock the files.

Ransomware is particularly insidious because it’s often spread through common channels, making it difficult to detect before it’s too late. It can also spread rapidly throughout a network, infecting multiple systems simultaneously and causing widespread damage.

The Different Types of Ransomware Attacks

Ransomware attacks can be devastating, causing businesses to lose important data and suffer financial losses. There are several types of ransomware attacks, each with its unique characteristics and methods of operation.

File-encrypting ransomware is the most common type of ransomware; it typically encrypts files on the victim’s computer or network, rendering them inaccessible. The ransomware may use a variety of encryption algorithms to encrypt the files and may add a unique extension to the filenames.

Once the files are encrypted, the ransomware will display a message to the victim, typically demanding payment in exchange for a decryption key that can unlock the files. Examples of file-encrypting ransomware include CryptoLocker, Locky, and WannaCry.
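The two traits described above (encrypted content and an added filename extension) can be combined into a simple detection heuristic. The following Python sketch is an added example, not part of the original article; the extension allow-list, the 7.5 bits-per-byte threshold and the sample files are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from pathlib import PurePath

# Assumed allow-list of extensions normally seen on this (hypothetical) file share.
KNOWN_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".zip"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted content (constructed sample data)."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:size]

def suspicious_files(files: dict, threshold: float = 7.5) -> dict:
    """Flag high-entropy files whose final extension is not on the allow-list,
    then keep only extensions shared by two or more flagged files."""
    hits = {}
    for name, data in files.items():
        ext = PurePath(name).suffix.lower()
        # Entropy alone would also flag archives and images, so require both signals.
        if ext not in KNOWN_EXTS and shannon_entropy(data) >= threshold:
            hits.setdefault(ext, []).append(name)
    return {ext: sorted(names) for ext, names in hits.items() if len(names) >= 2}

# Constructed sample: file name -> content.
SAMPLE = {
    "report.txt": b"Quarterly sales figures for the northern region. " * 80,
    "photos.zip": pseudo_ciphertext(b"zip"),        # high entropy, known extension
    "budget.xlsx.locked": pseudo_ciphertext(b"a"),  # high entropy, unknown extension
    "invoice.pdf.locked": pseudo_ciphertext(b"b"),
    "notes.bak": b"plain text backup " * 200,       # unknown extension, low entropy
}

if __name__ == "__main__":
    print(suspicious_files(SAMPLE))
```

Neither signal is reliable on its own: archives and images are also high-entropy, and unfamiliar extensions are common, which is why the sketch requires both and looks for several files sharing the same new extension.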

Locker ransomware locks the victim’s system, preventing access to the operating system or applications. Victims may see a message displayed on their screen that demands payment in exchange for unlocking the system.

Unlike encryption ransomware, locker ransomware does not encrypt files but restricts access to the computer or network until the ransom is paid. Locker ransomware, such as WinLocker, is less common than file-encrypting ransomware, but it can still be damaging.

MBR ransomware modifies the master boot record (MBR) of the victim’s computer, preventing it from booting up properly. The MBR is the first sector of a hard drive and contains important information that is necessary for the computer to start up.

The ransomware may replace the MBR with its own code, which will display a message to the victim demanding payment to restore the MBR and allow the victim to regain access to their computer. Examples of MBR ransomware include Petya and Satana.
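Because the MBR is a single sector, a known-good copy makes replacement of its code easy to detect. The following Python sketch is an added example, not part of the original article; it assumes the classic MBR layout (446 bytes of boot code, a 64-byte partition table, then the two-byte 0x55 0xAA signature) and uses constructed sample sectors rather than data read from a real disk.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)           # bootstrap code area (classic MBR layout)
PARTITION_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"        # bytes 510-511

def mbr_fingerprint(sector: bytes) -> dict:
    """Hash the boot code and partition table separately so a report can say
    which part of the sector changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings for a sector read now versus a known-good copy."""
    good, now = mbr_fingerprint(baseline), mbr_fingerprint(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature missing")
    if now["boot_code"] != good["boot_code"]:
        findings.append("boot code changed")
    if now["partition_table"] != good["partition_table"]:
        findings.append("partition table changed")
    return findings

def build_sector(boot_code: bytes, table: bytes,
                 signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed 512-byte sector for the demonstration."""
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + signature

# Constructed sample data, not taken from any real disk or malware sample.
TABLE = bytes([0x80]) + bytes(3) + bytes([0x07]) + bytes(11)
BASELINE = build_sector(b"\x90" * 32, TABLE)
REPLACED = build_sector(b"\xcc" * 64, TABLE)            # boot code overwritten
WIPED = build_sector(b"", b"", signature=b"\x00\x00")   # whole sector zeroed

if __name__ == "__main__":
    for label, sector in [("baseline", BASELINE), ("replaced", REPLACED), ("wiped", WIPED)]:
        print(label, compare_to_baseline(BASELINE, sector))
```

Keeping the baseline copy of the sector offline also gives responders something to restore from if the boot code is overwritten.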

Mobile ransomware targets mobile devices and may lock the device or encrypt the data stored on it. Mobile ransomware is becoming more common as more people use mobile devices for sensitive transactions and store important data on them.

Mobile ransomware may be distributed through malicious apps or websites and may demand payment in cryptocurrency. Examples of mobile ransomware include Lockerpin and SimpleLocker.

When attackers sell or rent out ransomware to other cybercriminals to carry out attacks, it is called ransomware as a service (RaaS). RaaS has made it easier for less technical cybercriminals to launch ransomware attacks on their victims.

RaaS may operate on a commission basis, with the RaaS provider taking a percentage of the ransom payments. The most famous RaaS providers include Cerber.

DDoS extortion ransomware threatens to launch a distributed denial-of-service (DDoS) attack against the victim’s website or network unless payment is made. The attackers may use a botnet to carry out the attack, making it difficult for the victim to defend against.

The ransomware may also include a timer, counting down to the deadline for payment, to increase the pressure on the victim. Examples of DDoS extortion ransomware include DD4BC and Armada Collective.

Doxware is also known as leakware or extortionware. Unlike traditional ransomware, which encrypts the victim’s files and demands payment in exchange for a decryption key, doxware steals the victim’s data and threatens to publicly release it unless the ransom is paid.

Doxware works by infecting the victim’s computer or network with malware that can access and exfiltrate sensitive data, such as documents, photos, emails, and other personal information. Maze and REvil are two examples of doxware. 

Scareware ransomware displays fake messages on the victim’s screen, claiming that their system is infected with malware and demanding payment to remove it. This ransomware preys on people’s fear and lack of technical knowledge and can be very convincing.

The ransomware, such as WinFixer, may include a fake antivirus scanner or a warning message that appears to come from a legitimate organization.


The Consequences of a Ransomware Attack in Malaysia

Over the past few years, ransomware attacks have become increasingly common in Malaysia, with several high-profile incidents making headlines. Here are some real-world examples of ransomware attacks that have occurred in Malaysia:

In 2018, Media Prima Berhad, Malaysia’s leading media company, fell victim to a ransomware attack that resulted in a demand for a whopping $6.45 million for the decryption of their data. The attack disrupted the company’s operations and impacted several subsidiaries.

The ransomware attack affected several of the company’s servers and systems, and the hackers demanded a ransom in exchange for the decryption key to unlock the company’s data. Media Prima Berhad refused to pay the ransom and rebuilt its systems from scratch.

The attack caused significant disruption to the company’s operations and resulted in the loss of essential and sensitive data. It also raised concerns about Malaysia’s cybersecurity infrastructure and the need for organisations to protect themselves from cyber threats.

In September 2021, Exabytes was hit by a ransomware attack that impacted its customers’ websites and data. The attack caused significant disruption to the company’s services, and many of its customers could not access their websites or data for several days.

Exabytes responded quickly to the attack and worked to restore its systems and services. The company also advised its customers to protect their data and systems and assured them it was taking steps to prevent future attacks.

The incident highlighted the importance of cybersecurity measures for companies and the potential impact of ransomware attacks on businesses and their customers. Exabytes’ efforts to mitigate the impact on its customers helped maintain confidence in its services.

How to Protect Your Business From Ransomware Attacks


In conclusion, ransomware attacks in Malaysia have become a growing concern, with a significant increase in reported cases over the years. These attacks have severe consequences for businesses and individuals, resulting in financial losses and reputational damage.

The different types of ransomware attacks can cause devastating effects on computer systems and networks. The lack of cybersecurity protection and awareness has made Malaysia an attractive target for ransomware attackers.

It is crucial for businesses and individuals to take preventive measures such as backing up data, regularly updating software, and implementing robust cybersecurity measures to protect against ransomware attacks.

At Spectrum Edge, we take the time to understand your business needs and tailor our solutions to fit your unique requirements. Whether you’re a small business or a large enterprise, we have the right tools and expertise to help you stay protected.

Our cybersecurity experts provide ongoing support, ensuring that your business is always one step ahead of potential threats. We also offer training programs and educational resources to help your employees stay informed and alert to potential cyber risks.

Don’t let ransomware attacks or other cyber threats compromise the integrity and security of your business. Contact us today and take the first step towards a more secure future.
