MOVEit hack: Companies hit by ransomware discouraged from paying, says Cybersecurity Malaysia


Amirudin said the Malaysia Computer Emergency Response Team (MyCert) under Cybersecurity Malaysia has recently issued an advisory on MOVEit Transfer security flaw, which is being exploited by a ransomware gang to breach a number of companies around the world. — MOHD SAHAR MISNI/The Star

KUALA LUMPUR: When it comes to paying a ransom, Cybersecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab is urging companies hit by ransomware in Malaysia to say ‘No’.

“We will always say ‘No’. It’s not right for the organisations to pay because it will incentivise the attackers. So any time there is a ransom involved, don't pay. We encourage them to seek assistance from authorities whenever possible,” he said to LifestyleTech at the Cyber Security Asia 2023 event in KL today (June 19).

Ransomware is a type of malicious computer software used by cyberattackers to block access to an online system such as a database or application until a fee has been paid by the victim.

Amirudin said the Malaysia Computer Emergency Response Team (MyCert) under Cybersecurity Malaysia has recently issued an advisory on the MOVEit Transfer security flaw, which is being exploited by a ransomware gang to breach a number of companies around the world.

“When we put out an advisory, it sends out an alert that there is potentially going to be more of this attack here. We would like to minimise that possibility. We also want more people to understand that the threat is already here. We hope they will take the best practices from the advisory,” he said.

Last week, insurance companies Prudential Assurance Malaysia and Prudential BSN Takaful said that they have been affected by a ‘MOVEit cybersecurity incident’. Investigations are ongoing.

Amirudin said companies affected by any cybersecurity incidents are encouraged to seek technical assistance through the Cyber999 service under MyCert. They can call the hotline, file a report online or download the Cyber999 app.

“It is voluntary and we encourage reporting so we can provide assistance. We can guide those who reach out on how to manage and tackle the issue. Even if we can’t fully assist, we do have some international partners that will collaborate,” he said.

When asked if he is aware of any companies in Malaysia that have paid ransomware, Amirudin said: “Well, informally, I have heard that some may have paid (the ransomware) or may not. But it is the decision of the entities.”

On June 15, Prime Minister Datuk Seri Anwar Ibrahim said a cybersecurity bill will be drafted immediately to provide the National Cyber Security Committee (NACSA) with legal authority to regulate and enforce laws related to cybersecurity.

Amirudin hopes the bill will help to drive more enforcement measures as the lack of a cybersecurity act means some companies are still not taking critical measures to beef up online safety.

“To me what’s important is the preventive part. For example, I can’t force companies or critical sectors to do full security audits. We shouldn’t wait to act only when an incident has happened,” he said.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Exclusive-Amazon in talks with Italy to invest billions of euros in cloud plan, sources say
Kind South Korean students return lost credit card in ingenious way, but they might have broken the law
EVs and hybrids are twice as likely to hit pedestrians as gas cars, study shows�
Easyjet, eyeing record summer, boosts nerve centre with AI
NYPD to use drones to aid swimmers in trouble at city beaches amid lifeguard shortage
At least two victims lose RM254,000 to scammers posing as officers from SG Anti-Scam Centre
A cop gave Fresno man a jaywalking ticket. Then came ‘cyber campaign of hate and revenge’
Private-hire driver in S’pore took passenger’s laptop and reset it, erasing all her work data
Vishing meets AI: The changing nature of phishing threats
Elon Musk's xAI valued at $24 billion after fresh funding

Others Also Read