Level 66
Content Creator
Malware Hunter
The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption.
Mount Locker is a relatively new ransomware operation that began infecting victims in July 2020. Like other human-operated ransomware gangs, the Mount Locker gang will compromise networks, harvest unencrypted files to be used for blackmail, and then encrypt the devices on the network. [...]
In a new version of the ransomware analyzed by Advanced Intel's Vitali Kremez, Mount Locker is getting ready for the tax season as well by specifically targeting files used by the TurboTax tax software.
When encrypting a computer, Mount Locker only encrypts files that have certain file extensions. With the latest version, the ransomware developers are now targeting the .tax, .tax2009, .tax2013, and .tax2014 file extensions associated with the TurboTax tax preparation software.