IRS Warns of a New Ransomware Attack
There’s been an alarming increase in ransomware attacks in recent months, for one very obvious reason: they work.
Ransomware attacks have involved methods such as locking up a specific network of computers, launching a DDoS attack that makes a website unreachable due to the flood of repetitive traffic, and even accessing sensitive files and threatening to publish them online. In addition to being fairly simple to pull off, many entities have found it’s easier to pay the hackers’ ransom and hopefully thwart any further damage, especially from loss of trust, lawsuits, and fines for privacy violations.
One of the most common avenues of infection from a ransomware attack involves phishing, in which the hackers convince an individual or employee to download the software for them. That’s usually accomplished by luring the person into clicking a link or opening an attachment.
Tax scams and phishing attempts that arrive in an email from the government are nothing new. Now, however, the IRS and the FBI together are warning the public about a new ransomware attack that appears to originate from both of those agencies. In an email that contains their official emblems and wording from their agencies’ websites, recipients are instructed to click the link to download a “legally required” questionnaire. The instructions even go into great detail about how to fill out the form and how long the recipient has to return it in order to avoid penalty.
Obviously, the link to the questionnaire is fake, and instead, contains malicious software that can launch the ransomware. It’s important to remember that government agencies do not solicit new information or new directives from the public via email or phone, at least not without some form of prior notification.
Events like this one serve as yet another warning about the need for up-to-date antivirus software, comprehensive company policies concerning work technology and communication, and the ability to spot a scam before it has a chance to cause damage. Annual employee training on the dangers of ransomware attacks and other cybercrimes can go a long way towards preventing these kinds of issues.
Read next: A Closer Look at your Apps’ Permissions