Privacy Ninja

Ransomware Gang Taunts IObit With Repeated Forum Hacks

Ransomware Gang Taunts IObit With Repeated Forum Hacks

A ransomware gang continues to taunt Windows software developer IObit by hacking its forums to display a ransom demand.

On January 16th, the IObit forums were hacked as part of an attack to distribute the DeroHE ransomware. During this attack, the threat actors emailed all of the IObit forum users with a free software promotion linking to a ransomware installer hosted on IObit’s forums.

Fake IObit free software promotion

When recipients downloaded the fake IObit software installer, they were infected with the DeroHE ransomware. To gain access to a decryptor, the threat actors demand $100 in the DERO cryptocurrency, or IObit could pay them $100,000 in DERO to decrypt all victims.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

DeroHE ransom note

DeroHE is the first ransomware to require payment in DERO, which is likely to promote the cryptocurrency and increase its value.

DERO describes itself as a privacy coin that allows for secure and anonymous transactions and smart contract execution.

“Dero is the first crypto project to combine a Proof of Work blockchain with a DAG block structure and wholly anonymous transactions,” states the DERO website.

Ransomware gang taunts IObit in continued forum hacks

At the time of our original DeroHE reporting, the forum was still hacked with adware scripts that redirected users to adult sites when clicking on links.

Over the weekend, the ransomware actors again hacked the IObit forums to display a message demanding that IObit pay them $100,000 in DERO or the attacks would continue.

“Hello, your IObit have been hacked! A week has passed and your “antivirus” company still doing nothing to secure their server! IObit send us 100000 DERO or more hacks and leaks to come,” read the IObit forum over the weekend.

IObit forums replaced by a message from attackers

Today, IObit appears to have shut down their forums while likely attempting to clean it from any web shells and patch vulnerabilities. Attempts to connect to the forum time out, as shown below.

IObit forums no longer responding

IObit users have privately expressed concerns to BleepingComputer regarding their frustration that IObit has not released an official statement about the ransomware attack and their forums’ repeated hacks.

Also Read: How a Smart Contract Audit Works and Why it is Important

IObit has also not responded to our repeated emails regarding the attack.

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us