# Mount Locker ransomware now targets your TurboTax tax returns

**[bleepingcomputer.com/news/security/mount-locker-ransomware-now-targets-your-turbotax-tax-returns/](https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-now-targets-your-turbotax-tax-returns/)**

By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/)

November 19, 2020 04:09 PM

The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption.

Mount Locker is a relatively new ransomware operation that began infecting victims in July 2020.

Like other human-operated ransomware gangs, the Mount Locker gang will compromise networks, harvest unencrypted files to be used for blackmail, and then encrypt the devices on the network.

Stolen data and the encrypted files are then used in a double-extortion scheme where victims are warned that their stolen files will be published on a data leak site if a ransom is not paid.

**Mount Locker data leak site**

## New Mount Locker version targets TurboTax

With the tax season fast approaching, some are already gathering their tax information and inputting it into TurboTax to prepare for the April 15th tax deadline.

In a [new version of the ransomware](https://twitter.com/VK_Intel/status/1329472284889919490) analyzed by Advanced Intel's Vitali Kremez, Mount Locker is getting ready for the tax season as well by specifically targeting files used by the TurboTax tax software.

When encrypting a computer, Mount Locker only encrypts files that have certain file extensions.

With the latest version, the ransomware developers are now targeting the .tax, .tax2009, .tax2013, and .tax2014 file extensions associated with the TurboTax tax preparation software.

**Malware Locker targeting TurboTax extensions**

While Mount Locker is oddly targeting file extensions for specific tax years, Kremez told BleepingComputer that the 'tax' targeting would match all extensions that contain the string.

To be safe from Mount Locker and other ransomware, be sure to make backups of your TurboTax files and other essential documents on detachable media after you make any changes.

Simply backing up your important files to a USB drive every night and then unplugging it will guarantee the safety of your files even if you suffer a ransomware attack.

-----

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com.
Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
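
The backup advice above, as an added example that is not part of the original article: a Python script that copies every file whose extension contains `tax` (the substring match Kremez describes) into a timestamped folder on removable media and verifies each copy by SHA-256. The function names, folder layout and sample files are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def is_tax_file(path: str | Path) -> bool:
    """True when the extension contains 'tax' (.tax, .tax2009, .TAX2020, ...)."""
    return "tax" in Path(path).suffix.lower()


def sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_tax_files(source: Path, removable: Path) -> list[Path]:
    """Copy matching files under `source` into a new timestamped folder on
    `removable`, verify every copy by hash, and return the copied paths."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest_root = removable / f"tax-backup-{stamp}"
    # Build the list first so a destination inside `source` is never re-scanned.
    matches = sorted(p for p in source.rglob("*") if p.is_file() and is_tax_file(p))
    copied = []
    for src in matches:
        dst = dest_root / src.relative_to(source)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # keeps timestamps alongside the content
        if sha256(src) != sha256(dst):
            raise IOError(f"verification failed for {src}")
        copied.append(dst)
    return copied


def demo() -> list[str]:
    """Run against constructed sample files; returns the backed-up file names."""
    with tempfile.TemporaryDirectory() as docs, tempfile.TemporaryDirectory() as usb:
        for name in ("2019.tax2019", "old/return.TAX2013", "notes.txt", "taxes.docx"):
            f = Path(docs) / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(name.encode())  # constructed placeholder content
        return [p.name for p in backup_tax_files(Path(docs), Path(usb))]


if __name__ == "__main__":
    print(demo())
```

Each run writes a new folder rather than overwriting the previous one, so an earlier good copy survives if the source files were already encrypted when the backup ran.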