A new ransomware was reported by BleepingComputer named Mount Locker. The ransomware was analyzed by Advanced Intel’s Vitali Kremez. This one goes after your TurboTax .ta* files for specific years. Mount Locker also has a data leak site like many other ransomware gangs. The cybercriminals threaten to publish your tax data if you don’t pay up. If you’re a TurboTax user make sure you back up all your Turbotax data to external detached flash media.
“When encrypting a computer, Mount Locker only encrypts files that have certain file extensions. With the latest version, the ransomware developers are now targeting the .tax , .tax2009 , .tax2013 , and .tax2014 file extensions associated with the TurboTax tax preparation software.”