Malaysia Rejects $10M Ransom Demand After Cyberattack on KLIA

Malaysian officials refused to pay a $10 million ransom following a major cyberattack that targeted Kuala Lumpur International Airport (KLIA) on March 23.

Prime Minister Anwar Ibrahim made it clear that Malaysia would not yield to criminal demands, stating, “When I was informed about this … I did not wait five seconds. I said no. There is no way this country will be safe if its leaders and system allow us to bow to ultimatums by criminals and traitors, be it from inside or outside the country.”

Cyberattack Disrupts Airport Operations

The attack compromised Malaysia Airports Holdings Berhad’s (MAHB) digital infrastructure, disrupting KLIA's systems for over 10 hours and forcing staff to switch to manual operations.

Malaysia Airports initially referred to the incident as a "cybersecurity threat", but during a speech on Police Day, Ibrahim described it as a "heavy cyberattack".

Managing Director Dato' Mohd Izani Ghani reassured stakeholders that ensuring smooth airport operations remained a top priority, adding that efforts were underway to maintain flight and passenger services.

Airport Staff Revert to Analog Methods

With digital systems offline, airport personnel used whiteboards to manually update flight information, including gate numbers, destinations, and departure times—a move captured in images circulating online.

Unidentified Threat Actor Behind the Attack

No ransomware group has come forward to claim responsibility for the attack, and authorities have not disclosed the identity of the threat actor involved in the ransom demand.

This incident highlights the growing cybersecurity threats faced by critical infrastructure worldwide, as seen in similar cyberattacks on major industries such as the recent $1 million loss suffered by a South African poultry company due to a cyber intrusion.