Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • New Mount Locker Ransomware Version Targeting TurboTax Files
  • Cyber Attacks
  • Data Breach
  • Malware

New Mount Locker Ransomware Version Targeting TurboTax Files

5 years ago David Bisson
New Mount Locker Ransomware Version Targeting TurboTax Files

A new version of the Mount Locker crypto-ransomware strain is specifically targeting victims’ TurboTax files.

As reported by Bleeping Computer, Advanced Intel’s Vitali Kremez came across a new Mount Locker sample that specifically sought out files used by the TurboTax tax preparation software.

In particular, Kremez observed the sample going after files bearing the  “.tax,” “.tax2009,” “.tax2013” and “.tax2014” extensions.

A screenshot of Malware Locker targeting TurboTax extensions. (Source: Bleeping Computer)

The ransomware isn’t restricting its sights to just those four file extensions, however. As quoted by the computer self-help site:

While Mount Locker is oddly targeting file extensions for specific tax years, Kremez told BleepingComputer that the ‘tax’ targeting would match all extensions that contain the string.

This wasn’t the first time that Mount Locker made news in 2020.

Back in September, for instance, those responsible for maintaining the ransomware attracted the attention of the security community for demanding ransom payments in the millions of dollars.

In one case, the Mount Locker gang asked for $2 million after claiming to have stolen 400 GB from a victim.

The malicious actors threatened to make that stolen information public if the victim refused to pay the ransom.

More and more ransomware attacks are incorporating at least the threat of data theft into their attack chains. In its Quarterly Ransomware Report for Q3 2020, for instance, Coveware found that nearly half of all successful ransomware attacks had threatened to release exfiltrated data during those months.

The security firm also learned that several ransomware families had in some cases not honored the ransom payments made by victims to prevent the attackers from publishing their data online.

This reality highlights the need for organizations to defend themselves against a ransomware attack. One of the best ways they can do that is by working to prevent a ransomware infection from occurring in the first place. This resource is a good place to start.

The post ” New Mount Locker Ransomware Version Targeting TurboTax Files” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Encryption, Malware, Ransomware, TripWire

Continue Reading

Previous Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call
Next Facebook Messenger Bug Allows Spying on Android Users

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

3 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

4 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

18 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

20 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

1 day ago [email protected] (The Hacker News)

Recent Posts

  • CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
  • Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
  • Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
  • Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
  • Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT