Security experts say it’s a threat that started small but is surely growing. It’s called “ransomware,” and while the IRS says only a handful of tax professionals have been hit by this latest cyber-scam so far, there will be more.
The FBI has already warned that ransomware attacks are growing and evolving to threaten the private and public sectors as well as individuals.
The Internal Revenue Service, state tax agencies, and income tax industry partners are alerting practitioners that ransomware attacks are on the rise. It’s all part of the Security Summit’s “Don’t Take the Bait” campaign to boost security awareness among tax pros.
Ransomware is a type of malware that infects computers, networks, and servers and encrypts or locks data. Cybercriminals then demand a ransom to release the data. Users generally are unaware that malware has infected their systems until they receive the ransom request.
Phishlabs, in its annual Phishing Trends and Intelligence Report, named ransomware one of two transformative events of 2016 and called its rapid rise “a public epidemic.”
In May 2017, a ransomware attack dubbed “WannaCry” targeted users who failed to install a critical update to their Microsoft Windows operating system or who were using pirated versions of the operating system. Within a day, criminals held data on 230,000 computers in 150 countries for ransom.
The ransomware process usually starts with a phishing email. The email attempts to lure users to either open a link or an attachment that surreptitiously installs the ransomware software.
The FBI cautions that the scam is evolving. Cyber-crooks can also infect computers merely through a link that redirects users to a website, which then infects their local computer without any attachment being opened.
How to Guard Against Ransomware
When it comes to defending against ransomware, don’t go it alone. Talk to an IT security expert. But you can also consider these steps to help prepare for – and to protect against – a possible ransomware attack:
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data
- For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be easier through a centralized patch management system
- Ensure that antivirus and anti-malware solutions are set to automatically update and conduct regular scans
- Manage the use of privileged accounts — no users should be assigned administrative access unless necessary, and only use administrator accounts when needed
- Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories
- Disable macro scripts from office files transmitted over e-mail
- Implement software restriction policies or other controls to prevent programs from executing from locations ransomware commonly uses, such as the temporary folders used by popular internet browsers and by compression or decompression programs
- Back up data regularly and verify the integrity of the backups
- Secure backup data. Make sure the backup device isn’t constantly connected to the computers and networks it is backing up. This will ensure the backup data remains unaffected by ransomware attempts
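The two backup items above say to verify the integrity of backups and to keep the backup copy disconnected so ransomware cannot reach it. One practical way to do the verification is to record a hash of every file in the backup set when it is made and to compare the set against that record before trusting or restoring it. The following script is an added example and is not from the IRS, the Security Summit or the FBI; it assumes the backup is a plain directory tree, builds a SHA-256 manifest for it, and reports files that have gone missing, changed, or appeared since the manifest was written (a file encrypted in place changes its hash; a dropped ransom note shows up as an unexpected file). The file names and contents in the demo are constructed for illustration.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup directory and
later verify the directory against it. Store the manifest somewhere other than
the backup media itself so an attacker who reaches the backup cannot also
rewrite the record used to check it."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backup files do not load into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map each regular file (relative POSIX path) under backup_root to its hash."""
    manifest = {}
    for entry in sorted(backup_root.rglob("*")):
        if entry.is_file():
            manifest[entry.relative_to(backup_root).as_posix()] = sha256_of(entry)
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the directory's current state with a stored manifest.

    Returns sorted lists under 'missing' (in manifest, gone from disk),
    'modified' (hash differs) and 'unexpected' (on disk, not in manifest).
    An untouched offline backup yields three empty lists."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def is_clean(result: dict) -> bool:
    """True only when nothing is missing, modified or unexpected."""
    return not (result["missing"] or result["modified"] or result["unexpected"])


def demo() -> dict:
    """Constructed scenario: take a manifest of a small backup, then simulate a
    ransomware run against it (one file encrypted in place, one deleted, one
    ransom note dropped) and verify. Returns the verification result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clients").mkdir()
        (root / "clients" / "return_2016.txt").write_text("constructed sample return data\n")
        (root / "ledger.csv").write_text("date,amount\n2017-04-15,100\n")

        # Manifest taken at backup time; JSON round-trip mimics saving it elsewhere.
        stored = json.dumps(build_manifest(root), indent=2, sort_keys=True)

        # Simulated tampering: overwrite one file with random bytes (as encryption
        # would), remove another, and drop a constructed ransom note.
        (root / "ledger.csv").write_bytes(os.urandom(32))
        (root / "clients" / "return_2016.txt").unlink()
        (root / "README_DECRYPT.txt").write_text("constructed ransom note\n")

        return verify_backup(root, json.loads(stored))


if __name__ == "__main__":
    outcome = demo()
    print(json.dumps(outcome, indent=2))
    print("backup clean:", is_clean(outcome))
```

In practice the manifest (or a signature over it) should live with the offline copy's catalogue rather than on the backup disk, and a non-empty `modified` or `missing` list should be treated as a reason not to restore from that copy until the cause is understood.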
Preparers should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Tax practitioners who fall victim to a ransomware attack also should contact their local IRS stakeholder liaison.