Ransomware attacks have become very common in 2020. The ransomware group named Mount Locker first came into action in July and it is now preparing to take advantage of the tax season in the U.S. Mount Locker operators have been observed specifically targeting Turbo Tax returns. Turbo tax is a software used for the preparation of American income tax returns.
Cybercriminals responsible for this Mount Locker operation used the double extortion tactic. This is a very common tactic among almost all ransomware families in which the attackers threaten the victims that their data will be leaked online if the ransom is not paid.
Mount Locker had targeted and stolen data from Swedish Tax Agency as well as Sweden’s national legislation and supreme decision-maker Riksdag. Mount Locker specifically targets taxpayers by encrypting files that have specific file extensions, including .tax, .tax2009, .tax2013, and .tax2014—which are all associated with the TurboTax software.
As these attacks have become very common, experts have suggested taxpayers keep backups of TurboTax files and other important documents. They have also warned taxpayers to stay alert always while receiving an email asking for tax details.