A brand new model of the Mount Locker crypto-ransomware pressure is particularly focusing on victims’ TurboTax recordsdata.

As reported by Bleeping Laptop, Superior Intel’s Vitali Kremez got here throughout a brand new Mount Locker pattern that particularly sought out recordsdata utilized by the TurboTax tax preparation software program.

Particularly, Kremez noticed the pattern going after recordsdata bearing the  “.tax,” “.tax2009,” “.tax2013” and “.tax2014” extensions.

A screenshot of Malware Locker focusing on TurboTax extensions. (Supply: Bleeping Laptop)

The ransomware isn’t limiting its sights to simply these 4 file extensions, nevertheless. As quoted by the pc self-help web site:

Whereas Mount Locker is oddly focusing on file extensions for particular tax years, Kremez instructed BleepingComputer that the ‘tax’ focusing on would match all extensions that comprise the string.

This wasn’t the primary time that Mount Locker made information in 2020.

Again in September, as an illustration, these chargeable for sustaining the ransomware attracted the eye of the safety neighborhood for demanding ransom funds within the hundreds of thousands of {dollars}.

In a single case, the Mount Locker gang requested for $2 million after claiming to have stolen 400 GB from a sufferer.

The malicious actors threatened to make that stolen info public if the sufferer refused to pay the ransom.

Increasingly ransomware assaults are incorporating no less than the specter of information theft into their assault chains. In its Quarterly Ransomware Report for Q3 2020, as an illustration, Coveware discovered that almost half of all profitable ransomware assaults had threatened to launch exfiltrated information throughout these months.

The safety agency additionally discovered that a number of ransomware households had in some instances not honored the ransom funds made by victims to stop the attackers from publishing their information on-line.

This actuality highlights the necessity for organizations to defend themselves in opposition to a ransomware assault. Among the best methods they’ll do that’s by working to stop a ransomware an infection from occurring within the first place. This useful resource is an effective place to start out.