KUALA LUMPUR, 15 October 2025 — The first half of 2025 saw ransomware attacks affecting a relatively small proportion of Malaysian businesses, mirroring global patterns where cybercriminals are increasingly selective in targeting high-value organisations rather than launching broad, indiscriminate attacks.
According to new data from cybersecurity firm Kaspersky, only 0.16% of its enterprise users in Malaysia were hit by ransomware in the first half of the year. While this figure appears modest, experts note that ransomware is designed to strike strategically, not at scale, focusing on organisations where the potential financial or operational impact is highest.
“The lower ransomware rate may offer a false sense of comfort, but it is not about volume,” said Fennie Ho, Territory Manager for Malaysia at Kaspersky. “A single breach in a high-value organisation could ripple across sectors. Without a proactive approach, the threat could shift from being a contained risk to a disruptive force in the country’s digital economy.”
The warning comes as Malaysia’s digital economy continues to expand rapidly. The sector is projected to contribute 25% of GDP in 2025, rising to 30% by 2030, driven by major investments in data centres and cloud infrastructure from global technology companies.
Top Ransomware Strains in Southeast Asia
Kaspersky identified the five most active ransomware families currently targeting enterprises in Southeast Asia:
- Trojan-Ransom.Win32.Wanna
- Trojan-Ransom.Win32.Gen
- Trojan-Ransom.Win32.Crypmod
- Trojan-Ransom.Win32.Crypren
- Trojan-Ransom.Win32.Encoder
These malware strains typically encrypt or block access to critical data, rendering systems unusable until a ransom is paid. Victims are often instructed to transfer cryptocurrency in exchange for decryption keys or restoration programs.
In a regional context, businesses in Southeast Asia faced an average of 400 ransomware attacks daily in 2024. Malaysia recorded a 153% year-on-year surge in detections, rising to 12,463 cases last year compared with 2023.
Digital Growth Brings New Cyber Risks
Ho noted that the government’s Budget 2026 proposals — including the Malaysia Digital Acceleration Grant, MyDigital ID expansion, and the MADANI Submarine Cable Connection, demonstrate a national commitment to strengthening digital infrastructure and AI capabilities.
“These initiatives will reinforce Malaysia’s digital foundations and catalyse talent readiness for the future,” Ho said. “But as connectivity deepens, so does exposure to sophisticated cyberthreats.”
Cybersecurity specialists warn that Malaysia’s growing reliance on digital infrastructure and cross-border data flows makes ransomware resilience a national priority, particularly for critical and high-value sectors such as finance, manufacturing, and telecommunications.
Building Resilience Against Ransomware
To mitigate risks, Kaspersky’s experts recommend several best practices for enterprises:
- Enable ransomware protection across all endpoints using tools compatible with existing security systems.
- Keep software updated on all devices to close vulnerabilities exploited by attackers.
- Strengthen network monitoring to detect lateral movement and data exfiltration, while maintaining offline backups for rapid recovery.
- Deploy advanced detection and response tools such as EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) to identify and contain emerging threats.
- Leverage threat intelligence to stay informed about the tactics and techniques used by cybercriminals.
Ho added that proactive defence remains the best safeguard against ransomware’s evolving threat landscape.
“The sophistication of ransomware today demands the same level of innovation in defence,” she said. “Preparedness, not complacency, will determine how well organisations weather this next phase of digital risk.”
