Security News > 2021 > December > Fintech firm hit by log4j hack refuses to pay $5 million ransom
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version.
Threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply.
After the company's refusal to pay the ransom, threat actors put up data of nearly 2 million ONUS customers for sale on forums.
ONUS was then reportedly slapped with a $5 million extortion demand that they declined to meet.
Log4j exploit may have been the entry point for attackers, but improper access control on ONUS' Amazon S3 buckets allowed attackers undue access.
Cybersecurity firm CyStack, which provided services to ONUS, has conducted a thorough investigation and released their findings on the attack mechanics and the backdoor planted by the attackers.