A new version of the Mount Locker crypto-ransomware strain is specifically targeting victims’ TurboTax files.

As reported by Bleeping Computer, Advanced Intel’s Vitali Kremez came across a new Mount Locker sample that specifically sought out files used by the TurboTax tax preparation software.

Specifically, Kremez saw the sample going after files bearing the “.tax,” “.tax2009,” “.tax2013” and “.tax2014” extensions.

A screenshot of Malware Locker targeting TurboTax extensions. (Source: Bleeping Computer)

The ransomware isn’t limiting its sights to just those four file extensions, however. As quoted by the computer self-help website:

While Mount Locker is oddly targeting file extensions for specific tax years, Kremez told BleepingComputer that the ‘tax’ targeting would match all extensions that contain the string.

This wasn’t the first time that Mount Locker made news in 2020.

Back in September, for instance, those responsible for maintaining the ransomware attracted the attention of the security community for demanding ransom payments in the millions of dollars.

In one case, the Mount Locker gang asked for $2 million after claiming to have stolen 400 GB from a victim.

The malicious actors threatened to make that stolen information public if the victim refused to pay the ransom.

More and more ransomware attacks are incorporating at least the threat of data theft into their attack chains. In its Quarterly Ransomware Report for Q3 2020, for instance, Coveware found that nearly half of all successful ransomware attacks had threatened to release exfiltrated data during those months.

The security firm also learned that several ransomware families had in some cases not honored the ransom payments made by victims to prevent the attackers from publishing their data online.

This reality highlights the need for organizations to defend themselves against a ransomware attack. One of the best ways they can do that is by working to prevent a ransomware infection from occurring in the first place. This resource is a good place to start.