Financial Institution MIDF Berhad Falls Victim to Group Rhysida

Incident Date:

April 7, 2024



Malaysian Industrial Development Finance




George Town, Malaysia


First Reported

April 7, 2024

MIDF Berhad: A Target for Ransomware Attacks

Company Overview

MIDF Berhad, a financial institution based in Malaysia, is a significant player in the financial sector and has recently been targeted by the ransomware group Rhysida. It operates in three core business areas: investment banking, development finance, and asset management. The company's annual report for 2023 is available on the Securities Commission Malaysia's website.

MIDF offers a range of financial services to businesses while committing to security awareness, as evidenced by the security awareness page on its website. The page provides guidance on how to avoid scams and phishing attempts, emphasizing the importance of verifying sources before sharing personal information or transferring funds.

Vulnerabilities and Threats

The Rhysida ransomware group has been observed threatening victims with public distribution of exfiltrated data, which puts it in line with modern multi-extortion groups. These attacks can cause significant disruptions and monetary losses in the finance sector, as seen in the ransomware attack on the Industrial and Commercial Bank of China in the U.S.

The specific vulnerabilities are not detailed in the available information. However, cybersecurity threats, including ransomware attacks, have been observed to be on the rise in Malaysia.

