Encrypted currency trading platform encountered Log4Shell (CVE-2021–44228) vulnerability attack and refused to pay 5 million ransom
Our Intelligence Team reported that ONUS, Vietnam’s largest cryptocurrency trading platform, was running a vulnerable Log4j version of its payment system that suffered a cyber attack. The attackers demanded that ONUS pay a ransom of 5 million U.S. dollars and threatened to publish user data.
The attackers demanded that ONUS be required to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market. The attacker claimed to have 395 ONUS database tables containing customer personal data and hashed passwords. The sample data includes the customer’s ID card image, passport, and video clips submitted by the customer during the KYC process.
Lunaray security team reminds everyone to pay attention to the protection of assets and information to avoid damage.