Mount Locker ransomware gang prepares for tax period targeting TurboTax returns for encryption. Mount Locker is a relatively new ransomware company that started infecting victims last July. Like other ransomware gangs, the Mount Locker gang violates them networks in its targets, collects non-encrypted archives who later uses them to blackmail the victim and then encrypts the Appliances existing in the breached network.
The gang uses the stolen goods data and encrypted files to carry out double blackmail against victims, where the latter receive a warning from the hackers that their stolen files will be published on a data leak site, in case they refuse to pay the required ransom.
As the tax season approaches, many people have already started collecting their tax information and entering it into TurboTax to prepare for the April 15 tax deadline.
According to BleepingComputer, in a new version of ransomware analyzed by her Vitali Kremez Advanced Intel, Mount Locker prepares for the tax period, targeting specific files used by the "TurboTax" tax software.
On a compromised computer, Mount Locker ransomware only encrypts files that have specific extensions. Specifically, ransomware creators target file extensions .tax, .tax2009, .tax2013 and .tax2014 related to TurboTax.
Therefore, security experts advise people to create copies security of TurboTax files and other key documents on removable media after making any changes to protect against possible Mount Locker ransomware attacks. All they need to do is back up their important files to a drive USB every night and then disconnect it. This way they will be able to secure their files even if they fall victim to ransomware attack.