Hacked IObit Emails & Forums Found Delivering Ransomware

According to reports, the well-known company IObit was hacked, and all of its forum members received promotional emails that appeared legitimate and offered a free one-year license for any of its software.

However, the promotion is not real; criminals are the ones sending those emails. The link in the emails downloads software that is actually associated with DeroHE ransomware. If a user downloads and installs the software from the provided link, their files are encrypted and given the .DeroHE extension. A ransom note is also created that tells them how to restore the locked files.

The spam emails appear to originate from webmaster#iobit.com, though other addresses may also be used for this purpose. If you are an IObit member and received such a promotional email, avoid interacting with it. Simply delete the email permanently; otherwise your machine will be infected.

More findings on DeroHE ransomware

According to various reports, users who clicked the ‘Get It Now’ button in the email were redirected to hxxps://forums.iobit.com/free-iobit-license-promo.zip, which downloaded an archive file to their computers. However, this malicious page is no longer working.

The archive contained digitally signed files from the IObit license manager app, but with a slight twist: a file named IobitUnlocker.dll in the archive was replaced with malicious code. As a result, once a user runs the file to install the software, the DLL runs and installs DeroHE ransomware without any prior notice.

With this trick, many IObit forum members were deceived into installing ransomware on their machines, and their files were encrypted. The ransom notes dropped by the malware are named FILES_ENCRYPTED.html and READ_TO_DECRYPT.html.

Through this note, the criminals offer users various options to regain access to locked files. The hackers blame IObit for the spread of the ransomware and say that the company has to pay them around $100,000 in the cryptocurrency DERO. Once the demanded payment is processed, the criminals will supply every infected user with the necessary tools.

Tell iobit.com to send us 100000 (1 hundred thousand) DERO coin to this address. dERopYDgpD235oSUfRSTCXL53TRakECSGQVQ2hhUjuCEjC6z SNFZsRqavVVSdyEzaViULtCRPxzRwRCKZ2j2ugCg26hRtLziwu
After payment arrive, all encrypted computer (including yours) will be decrypted. THIS IS IOBIT's FAULT for your computer got hacked.

The other option asks users to transfer 200 coins to the mentioned cryptocurrency wallet address. However, it is not yet known whether locked files can actually be decrypted, and users are strongly discouraged from dealing with the criminals. Users are highly advised to stay away from contacting them and from paying any ransom fee.

Although the company has managed to take down the link used for the scam promotion, its forum is still compromised with malicious code. Members are asked to subscribe to notifications that show various ads for adult content, gambling pages, malicious programs, and more.

So it is better to stay cautious about such email messages, and if you have been infected by this malspam campaign, you are advised to check how to deal with DeroHE ransomware and its impact properly.
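A triage check for the on-disk indicators named in this article (the .DeroHE extension and the two ransom-note file names), written in Python as an added example; it is not code from the article or from IObit. The function names and sample files are constructed for illustration, and case-insensitive matching is an assumption.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text; matching is case-insensitive (assumption).
RANSOM_NOTES = {"files_encrypted.html", "read_to_decrypt.html"}
ENCRYPTED_SUFFIX = ".derohe"


def scan_for_derohe(root):
    """Walk root and return {directory: {"notes": [...], "encrypted": [...]}}
    for every directory holding a ransom note or a renamed file."""
    hits = defaultdict(lambda: {"notes": [], "encrypted": []})
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            lowered = name.lower()
            if lowered in RANSOM_NOTES:
                hits[dirpath]["notes"].append(name)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
    return {d: {k: sorted(v) for k, v in h.items()} for d, h in hits.items()}


def summarize(hits):
    """Collapse per-directory hits into counts for a triage report."""
    return {
        "directories": len(hits),
        "notes": sum(len(h["notes"]) for h in hits.values()),
        "encrypted": sum(len(h["encrypted"]) for h in hits.values()),
    }


def build_sample_tree(base):
    """Constructed sample data: one affected folder, one clean folder."""
    affected = os.path.join(base, "Documents")
    clean = os.path.join(base, "Music")
    os.makedirs(affected)
    os.makedirs(clean)
    for name in ("report.docx.DeroHE", "photo.jpg.derohe", "READ_TO_DECRYPT.html"):
        open(os.path.join(affected, name), "w").close()
    open(os.path.join(clean, "song.mp3"), "w").close()
    return affected, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_for_derohe(tmp)
        for directory, hit in found.items():
            print(directory, hit)
        print(summarize(found))
```

Point `scan_for_derohe` at a user profile or a mounted share to see which folders were touched before deciding what to restore from backup.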