At CyberStreams, we understand how fast a cyberattack can disrupt operations—especially for small businesses like law firms, universities, non-profits, and manufacturers. But what happens when hackers target something even more critical—like a major international airport?

That’s exactly what happened on March 23, 2025, when Kuala Lumpur International Airport (KLIA) was thrown into chaos. A ransomware attack brought key systems to a halt, including flight information displays, check-in counters, and baggage handling. The hackers demanded a staggering $10 million ransom from Malaysia Airports Holdings Berhad (MAHB), the operator of KLIA.

A Bold Refusal and a Throwback Response

Malaysian Prime Minister Anwar Ibrahim refused the demand without hesitation, declaring:

“There is no way this country will be safe if its leaders and system allow us to bow to ultimatums by criminals and traitors.”

With no digital systems to rely on, KLIA staff resorted to an old-school but effective solution: whiteboards. They manually listed flight destinations, departure times, and gate assignments. For over 10 hours, the airport functioned like it was decades in the past—a powerful visual of how vulnerable even high-tech infrastructures can be.

While no group has taken responsibility, the attack mirrors an alarming trend. According to Sophos, 66% of global critical infrastructure operators have faced ransomware threats. And KLIA’s experience shows just how fragile operations can become when systems are taken offline.

Why This Matters for Your Business

You might not run an airport, but the risks are the same. A law firm’s sensitive client records, a university’s student data, or a manufacturer’s supply chain can all become prime targets. The 2025 Ponemon Institute Report reveals that 82% of ransomware attacks now involve data exfiltration—meaning cybercriminals not only lock you out, they steal your data too.

KLIA managed to keep flights moving, but it came at a price: long delays, passenger frustration, and reputational damage. Small businesses might not have the resources or brand resilience to recover so easily. At CyberStreams, we’ve seen first-hand how damaging even brief outages can be—especially when there’s no recovery plan in place.

Rejecting ransom demands is the right call, but it must be paired with strong preparation. Otherwise, you’re simply hoping you won’t be next.

Three Takeaways and Next Steps

To protect your business before an attack strikes, we recommend:

1. Back Up Everything

Regularly back up critical data and test your recovery process. KLIA’s whiteboard workaround was only necessary because systems couldn’t be restored quickly.

2. Harden Your Defenses

Use network segmentation, strong endpoint protection, and proactive monitoring. Our Cyber Fit Assessment helps identify and fix vulnerabilities before hackers find them.

3. Train for the Unexpected

Make sure your team knows what to do if systems go down. From manual processes to communication protocols, practice makes preparedness.

Conclusion

KLIA’s refusal to pay a $10 million ransom was courageous—and necessary. But courage alone isn’t enough. Without preparation, even the strongest organizations can find themselves writing on whiteboards in the middle of a crisis.

At CyberStreams, we believe that every business deserves to be resilient. Whether you're running a nonprofit, a manufacturing plant, or a law firm, our mission is to help you protect what matters most. Don’t wait until you’re in the headlines—build your defense today.

Contact us to learn how CyberStreams can help you stay secure, prepared, and operational—no whiteboards required.