Cyber Incident Victim: Media Prima Bhd

On or around November 1, 2018, Media Prima Bhd experienced a ransomware attack that compromised its computer systems over a four-day period. The attack encrypted the Malaysian media conglomerate's data, rendering its in-house email systems inaccessible starting from the previous Thursday. Attackers demanded a ransom payment of 1,000 bitcoins (equivalent to approximately US$6.45 million or RM27 million at the time) to restore system access. The ransomware infection affected operations across Media Prima's entire corporate group, though specific entry vectors and initial detection methods remained undisclosed. While the attackers claimed control of systems through encryption, Media Prima declined official confirmation of the breach when contacted by media outlets. The company's operational response included migrating staff communications to Google's G Suite platform as a temporary workaround for email disruptions.

The incident impacted critical business functions at Media Prima, which owns four national television stations (TV3, TV9, ntv7, 8TV), four radio networks (Fly FM, Hot FM, One FM, Kool FM), and Malaysia's largest newspaper publisher (New Straits Times Press). Financial consequences remained unclear, though the group had reported a RM10.1 million net profit for the first half of 2018 following substantial losses in 2017. Media Prima confirmed through internal sources that it refused to pay the ransom despite system lockouts, prioritizing alternative recovery methods over negotiation with attackers. No public confirmation was provided regarding potential data exfiltration beyond system encryption. The company did not disclose whether law enforcement was notified or what technical containment measures were implemented beyond the email migration. Operational continuity challenges persisted given Media Prima's extensive digital media footprint across television, print, radio, and advertising platforms.