Ransomware Targets Tax Software & Documents in Growing Trend
NJCCIC Alert
Original Release Date: 11/25/2020
Summary
A new version of Mount Locker ransomware has been identified targeting tax software files. Like other ransomware variants, Mount Locker, first seen in July 2020, threatens to publish stolen data in an additional extortion attempt. The new version searches for and encrypts files with extensions that are typically affiliated with TurboTax software, such as .tax, and .tax2014 . Researchers have seen an uptick in ransomware groups targeting tax software and documents. This is likely in an attempt to not only steal highly sensitive information, but to cause disruptions and increase pressure on businesses as tax documents are often time sensitive.
Recommendations
The NJCCIC recommends users keep hardware and software up to date, encrypt sensitive data, and ensure data is backed up as part of a comprehensive data backup plan. Additionally, we recommend reviewing the NJCCIC Ransomware: Risk Mitigation Strategies guide and applying cybersecurity best practices to reduce the risk of a ransomware or other malware infection. Further information can be found in the SC Magazine article.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.