Security News > 2021 > January > IObit forums hacked to spread ransomware to its members
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.
Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member.
Based on reports at IObit's forum and other forums [1, 2], this is a widespread attack that targeted all forum members.
Of particular interest, the Tor site states that IObit can send $100,000 in DERO coins to decrypt all victims, as the attackers blame IObit for the compromise.
To create the fake promotion page and host a malicious download, the attackers likely hacked IObit's forum and gained access to an administrative account.
Updated 01/19/20: A security researcher known as Ronny told BleepingComputer IOBit is using vBulletin 5.6.1 for their forum software.