Last week, IObit, a company that develops various utilities for Windows, suffered from the DeroHE ransomware attack. Now it is reported that hackers continued to attack IObit.Last time, the IObit forum was compromised, and its members began to receive emails on behalf of the company, which stated that as a gift, users were entitled to a free one-year license for their software.
In fact, the page https://forums.iobit[.]com/promo.html, created by the cybercriminals, did not distribute free software, but the ransomware DeroHE, which demanded a ransom in the DERO cryptocurrency from the affected forum users (about $100).
On their website on the darknet, the hackers not only accepted payment from victims, but also offered IObit to pay 100,000 DERO to decrypt the data of all users at once.
DeroHE is the first ransomware to require payment in DERO, which is likely to help promote the cryptocurrency and increase its value.
“Dero is the first crypto project to combine Proof of Work blockchain with DAG block structure and completely anonymous transactions”, — the DERO website says.
The hackers claimed that everything that happened was IObit’s fault, and therefore the company should pay.
What is worse, the company’s forums remained compromised for a long time. When visiting them, arrived the 404 error along with the dialog boxes in the browser with an offer to subscribe to notifications. If user agreed to receive notifications, they really started to come, and mostly it was advertising for adult sites, malware and other inappropriate content.
As Bleeping Computer now reports, the attackers did not stop there. Last weekend, the IObit forum was hacked again. Attackers seem to be making fun of IObit.
The hackers again demanded that the company pay them 100,000 DERO, threatening that would follow new hacks and leaks.
“Hello, your IObit has been hacked! A week has passed and your antivirus company is still doing nothing to protect their server! IObit, send us 100,000 DEROs or there will be more hacks and leaks”, — says hackers’ message.
After this repeated compromise, IObit completely shut down the forum that is now inaccessible. Journalists note that the company still did not make any official statements about the attack, did not warn users about the ransomware on the forum, and in general continues to remain silent.