A new version of the Mount Locker crypto-ransomware strain is specifically targeting victims’ TurboTax files.

As reported by Bleeping Computer, Advanced Intel’s Vitali Kremez came across a new Mount Locker sample that specifically sought out files used by the TurboTax tax preparation software.

Specifically, Kremez observed the sample going after files bearing the “.tax,” “.tax2009,” “.tax2013” and “.tax2014” extensions.

A screenshot of Malware Locker targeting TurboTax extensions. (Source: Bleeping Computer)

The ransomware isn’t limiting its sights to just those four file extensions, however. As quoted by the computer self-help website:

While Mount Locker is oddly targeting file extensions for specific tax years, Kremez told BleepingComputer that the ‘tax’ targeting would match all extensions that contain the string.

This wasn’t the first time that Mount Locker made news in 2020.

Back in September, for instance, those responsible for maintaining the ransomware attracted the attention of the security community for demanding ransom payments in the millions of dollars.

In one case, the Mount Locker gang asked for $2 million after claiming to have stolen 400 GB from a victim.

The malicious actors threatened to make that stolen information public if the victim refused to pay the ransom.

More and more ransomware attacks are incorporating at least the threat of data theft into their attack chains. In its Quarterly Ransomware Report for Q3 2020, for instance, Coveware found that nearly half of all successful ransomware attacks had threatened to release exfiltrated data during those months.

The security firm also learned that several ransomware families had in some cases not honored the ransom payments made by victims to prevent the attackers from publishing their data online.

This reality highlights the need for organizations to defend themselves against a ransomware attack. One of the best ways they can do that is by working to prevent a ransomware infection from occurring in the first place. This resource is a good place to start.