Ransomware Attacks in Malaysia: A Legal Perspective on Cybersecurity


The COVID-19 pandemic, lockdowns, and the shift to remote working have contributed to a rapid rise in ransomware in Malaysia.

According to Sophos’ annual study of Ransomware 2022, 79% of Malaysian businesses are seeing an alarmingly high number of ransomware attacks in 2021 compared to other regions.

The State of Ransomware 2022 - A Sophos Whitepaper
Refer to Sophos’ annual State of Ransomware 2022 survey

Targets range from small unlisted companies to large organisations and government agencies, often with sophisticated cyber defences and policies.

However, with more organisations embracing remote working, it is more critical than ever that they protect themselves and their people from ransomware attacks — but how?

In this article, we explore the government bodies that supervise cyber security and legislation that deters ransomware in Malaysia.

Malaysia Government Agencies That Are Deal With Cyber Security

There are many government agencies and units that are responsible for handling matters relating to cyber security and ransomware in Malaysia.

Among them are:

National Cyber Security Agency (NACSA)

NACSA Official Portal

NACSA was established in 2017 as the national lead agency for cyber security matters to secure and strengthen Malaysia’s resilience against cyber-attacks and ransomware.

It coordinates and consolidates the nation’s cyber security experts and resources to develop and implement national-level cyber security policies and strategies.

Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme

The MyCC Scheme is a systematic process for evaluating and certifying the security functionality of ICT products against strict criteria or standards.

This scheme also consists of an Evaluation Facility that carries out security evaluations against agreed standards in an independently accredited environment.

Cyber999 Help Centre

Cyber999 is a cyber security incident response centre operated by MyCERT (Malaysia Computer Emergency Response Team) to report cyberbullying incidents that threaten internet users’ safety or privacy.

A trained incident handler will work with CyberSecurity Malaysia, law enforcement agencies, and internet service providers to resolve security complaints.

CyberSAFE Malaysia

Cyber Safe Malaysia

Awareness also plays a crucial role in protecting ourselves from ransomware attacks. CyberSAFE Malaysia is an initiative by the government to increase public awareness and knowledge of cyber safety and ransomware attacks in Malaysia.

It provides guidelines and resources for Malaysians to ensure their online experience is positive and secure.

You can also use security solutions such as Acronis Cyber Protect to provide protection against external threats and help you avoid data loss.

This encryption technology provides a new level of security for your business & ensures you recover from a ransomware situation if it is ever faced.

Legislations Relating to Ransomware Cyber Security

Ransomware Malaysia

The following legislations are in place to prevent cybercrime and ransomware attacks in Malaysia:

Computer Crimes Act 1997 (CCA 1997)

As one of the earliest legislations enacted to battle cybercrime in Malaysia, CCA 1997 is a statutory legislation governing offences relating to computer misuse.

Section 5 of CCA 1997 makes infection of IT systems with malware (ransomware, spyware, worms, trojans and viruses) an offence when the act is made knowing that it will cause unauthorised modification to contents in any computer.

Communications and Multimedia Act 1998 (CMA 1998)

CMA 1998 regulates the administration and licensing requirements of multimedia operations as well as the utilisation of network services.

Its objectives are:

  • To promote national policy goals for the communications and multimedia industry
  • To develop a licensing and regulatory framework that supports the national policy objectives for the communications and multimedia industry
  • To establish the powers and functions of the Malaysian Communications and Multimedia Commission (MCMC)
  • To establish procedures for the administration of the CMA 1998

Penal Code (PC)

Besides that, the offence of extortion under Section 383 of PC is also a measure to deter cybercrime related to a ransomware attack.

This provision states that when one intentionally puts the victim in fear of any injury to themself or any other and thereby dishonestly induces the victim to deliver any property or valuable security, it amounts to extortion.

Therefore, if anyone is found guilty of extorting money from a victim through a cybercrime, the person may be found guilty under PC.

Read More: How Cloud Managed Backup Solutions Help Your Business

Once a company falls victim to a successful ransomware attack, the technical and legal considerations are significant.

However, they can be prevented by following guidelines provided under the various cybersecurity legislations enacted in Malaysia.

We recommend that all organisations keep a close eye on legal developments and seek advice from IT security professionals in Malaysia.

They have the expertise to evaluate whether your security controls will safeguard your data from ransomware.

In addition, you should consider using all-time cloud security services and solutions such as Cloudflare, Acronis, SentinelOne and McAfee to meet your company’s needs while maintaining critical data sovereignty.

Aegis Cloud Endpoint Backup (CEB)

Aegis offers comprehensive cloud endpoint backup services designed around our customers and delivered on the platform that best meets their needs.

Whether you are looking to solve IT issues, develop a strategy, utilise managed services, or secure your IT infrastructure, we are the end-to-end services provider that can help.

Aegis CEB is the ideal data protection solution for your business.

It is an automatic backup solution for your endpoint devices, with proactive monitoring and maintenance to protect your data from human error, malware and theft.

Cyber Security Solution

Originally from: www.aegis.com.my/ransomware-malaysia


Enterprise Cloud Solutions & Managed Services

Notify of
Inline Feedbacks
View all comments