
Who should read this?
CEOs, CTOs, CISOs, Cyber Security Managers
As Malaysia accelerates its digital transformation, businesses are seizing new opportunities for growth and innovation. But with this rapid advancement comes a significant challenge: the rising threat of cyber attacks. Phishing and ransomware are increasingly becoming top concerns for organizations across the country, with the potential to disrupt operations and compromise sensitive data.
In the fourth quarter of 2024, the Cyber999 Incident Response Centre reported 1,550 cyber incidents, marking a 4% decrease from the previous quarter. Despite this overall decline, phishing remained alarmingly prevalent, accounting for 73% of all reported fraud cases. Even more concerning, ransomware incidents surged in Q4 2024, with 16 reported incidents. This marks a 78% increase from the 9 incidents in Q3 2024, signaling a shift back to ransomware as one of the most prevalent threats.
What does this shift mean for Malaysian businesses? With cyber criminals evolving their strategies, leaders must understand the emerging cyber threats they are likely to face. This article will explore the top five ransomware and phishing threats currently impacting Malaysian organizations.
Top 5 Ransomware Trends Impacting Businesses in Malaysia
1. Rise of Ransomware-as-a-Service (RaaS)
Ransomware-as-a-Service (RaaS) is making it easier for cyber criminals to attack businesses. This service allows even individuals with little technical knowledge to rent ransomware tools from specialized service providers and launch sophisticated attacks. In Malaysia, this model has contributed to an increase in attacks, allowing more criminals to launch frequent and widespread ransomware campaigns. Some prominent ransomware groups, such as ALPHV (BlackCat), LockBit, and RansomHub, are known to use RaaS to expand their reach and impact.
2. Targeting Active Directory (AD) Servers
A growing trend in Malaysia is cyber criminals focusing on AD servers in ransomware attacks. AD servers are crucial for managing network resources, user access, and security. Compromising these servers can help attackers spread ransomware across an entire network quickly. This tactic allows criminals to lock up many systems at once, making the attack more damaging. Notable ransomware groups like Ryuk and Conti have been seen targeting AD servers for faster encryption across networks.
3. Double Extortion Tactics
A growing ransomware tactic in Malaysia is known as double extortion, where attackers not only encrypt victims’ files but also steal (exfiltrate) sensitive data. This method increases pressure on victims by threatening to publicly release or sell the stolen data if the ransom is not paid. This tactic has been observed in several recent ransomware campaigns, including those involving RansomHub. The Cyber999 Incident Response Centre has reported fewer than 10 confirmed RansomHub incidents. Although the number of reported cases is relatively low, the impact on affected organizations is significant, leading to operational disruptions and potential data leaks.
4. Ransomware Targeting Critical Infrastructure
Ransomware attacks on critical infrastructure are an alarming and growing trend in Malaysia. A notable example is the $10 million ransomware attack on Kuala Lumpur International Airport (KLIA), which disrupted vital airport systems such as flight information displays and check-in counters. This attack highlights how ransomware operators are increasingly targeting essential services, exploiting vulnerabilities in legacy systems to cause widespread disruption. The KLIA incident underscores the urgent need for critical infrastructure organizations to strengthen cyber security defenses and adopt proactive measures to mitigate the impact of these escalating ransomware threats.
5. Ransomware Targeting Supply Chain Weaknesses
Cyber criminals are increasingly targeting businesses through their suppliers and third-party service providers. If attackers compromise a vendor, they may gain access to larger organizations connected to them. A recent ransomware attack in Malaysia involved the LYNX ransomware group targeting a pharmaceutical manufacturing giant, Xepa-Soul Pattinson (Malaysia) Sdn Bhd. The attack began with phishing attempts and exploited unpatched vulnerabilities, leading to the theft of 500GB of sensitive data, including intellectual property and employee records. The attackers also encrypted critical systems and demanded a ransom to restore access.
Top 5 Phishing Trends Impacting Businesses in Malaysia
1. Contextualised and Localised Phishing Themes
Phishing attempts in Malaysia have become increasingly localized and tailored to exploit current events and local issues. Scammers are impersonating legitimate government aid programs, such as “bantuan kerajaan,” to trick victims into providing personal details or clicking on malicious links. Other popular scams include fake promotions or discounts from well-known retailers like Lazada or Shopee, as well as fraudulent claims about unpaid traffic fines. These scams are crafted to appear highly credible by exploiting individuals’ familiarity with trusted brands and services, making it easier to deceive them into providing personal or financial information.
2. Smishing and Mobile-Focused Phishing
Mobile-based phishing, or smishing, is increasingly popular in Malaysia. Cyber criminals are sending fraudulent SMS messages that mimic communications from banks, e-wallets, or delivery services like J&T or Pos Malaysia, often with malicious links designed to steal sensitive information. This mobile-based phishing tactic is especially dangerous, as many users may trust SMS messages more than emails, believing them to be legitimate. Additionally, attackers are exploiting mobile apps by impersonating subscription services like Netflix or Spotify, tricking victims into renewing subscriptions on fake websites.
3. Phishing Calls (Vishing)
Vishing (voice phishing) is a growing threat in Malaysia, where attackers impersonate government agencies such as the police or LHDN (Malaysian Inland Revenue Board), banks, or even organizations like CyberSecurity Malaysia. These scammers use high-pressure tactics, threatening victims with legal action, account suspension, or overdue payments, to coerce them into disclosing sensitive information over the phone. In many cases, they may also use caller ID spoofing to appear as trusted entities.
4. Phishing Attacks Targeting Financial Details
Recently, the Cyber999 Incident Response Centre of CyberSecurity Malaysia reported a phishing attack where cyber criminals impersonate the Malaysian government (MyGOV), claiming victims have overpaid due to a system error. Victims are prompted to click a link to return the excess payment, which redirects them to a fake website asking for credit card details. After entering an OTP code, victims are repeatedly asked for more OTPs, allowing scammers to collect multiple codes and make unauthorized charges to their cards. This attack leads to financial loss and the exposure of sensitive banking information.
5. Quishing – QR Code Phishing Scams
Quishing (QR code phishing) is becoming a growing threat in Malaysia, as cyber criminals exploit the increased use of QR codes. Attackers replace legitimate QR codes in public spaces, such as billboards and posters, with malicious ones. When victims scan these fraudulent QR codes, they are redirected to websites designed to steal personal and financial information.
Kaspersky’s lead security researcher, Noushin Shabab, warns that these scams are particularly dangerous due to the trust people place in QR codes for tasks like payments or accessing information. With Malaysia ranking second globally for QR code usage, the potential for widespread attacks is significant. Users are advised to verify the source of any QR code before scanning and to use trusted security apps that offer QR code scanning protection to detect potential threats.
The Need for a Proactive Approach
As businesses in Malaysia advance their digital operations, it’s clear that cyber security must evolve alongside this transformation. According to the Pikom Cyber Security Report 2024, one of the primary causes of cyber security breaches in Malaysia is ransomware, highlighting the growing and persistent threat it poses to organizations. While ransomware and phishing remain top threats, they represent just a part of a larger, more complex cyber security landscape. With new, more sophisticated cyber risks emerging every day, business leaders must be prepared to take action, adapt quickly, and safeguard the organization’s future.
Being proactive is no longer optional—it’s essential. To stay ahead of ever-evolving cyber threats, organizations must embrace a mindset of constant vigilance, continuously updating their defenses, training their workforce, and staying connected with others in their industry. The digital economy’s future depends on businesses being able to effectively defend against tomorrow’s threats, making cyber security a core pillar of business resilience and growth.
