Kuala Lumpur Airport Cyberattack: Ransom Demand for $10 Million

The computer disruptions that afflicted Kuala Lumpur International Airport over the past weekend were the result of a cyberattack, according to a joint announcement from Malaysia’s National Cyber Security Agency (NACSA) and Malaysia Airports Holdings Berhad (MAHB). The coordinated statement confirmed that the attack began on March 23 and led to significant operational disturbances across critical airport systems.

NACSA and MAHB stated that a comprehensive investigation was launched immediately upon discovery of the breach to determine its nature and extent. NACSA was alerted to the incident on the very day the attack commenced and has since maintained continuous communication with all relevant parties.

Malaysian Prime Minister Anwar Ibrahim publicly acknowledged the cyberattack during an address on March 26, revealing that the perpetrators had targeted MAHB and demanded a ransom of $10 million. Ibrahim firmly rejected any notion of negotiation, describing the act as a betrayal and a threat to national security. He asserted that the government would not capitulate to threats—whether foreign or domestic.

While authorities have not officially confirmed whether ransomware was used, and no known threat group has claimed responsibility thus far, the demand for payment suggests the possible deployment of encryption-based extortion software. At present, no further technical details have been disclosed.

Despite the attack, Malaysia Airports officials affirmed that core operations at Kuala Lumpur International Airport remained largely unaffected. However, reports and photographs circulating online indicated that several terminal systems—including flight information displays, check-in kiosks, and baggage handling—were rendered inoperative for over ten hours. This forced airport staff to revert to manual operations, with employees using whiteboards and markers to communicate departure times.

A former Malaysian Member of Parliament openly criticized the government for its lack of transparency, casting doubt on the official explanation attributing the disruption to a mere network hardware failure. He highlighted the prolonged outage and pointed to the inadequate contingency planning evident at one of the country’s most critical international transit hubs.