pwshub.com

LockBit claims it ransomed IRS-authorized eFile.com

Notorious ransomware gang LockBit claims to have compromised eFile.com, which offers online services for electronically filing tax returns with the US Internal Revenue Service (IRS).

To be clear: eFile.com is not owned or operated by the IRS, nor part of the agency's e-file program, but it is an IRS-authorized e-file provider.

The Register has not verified the crooks' claims, and neither the dot-com nor the IRS immediately responded to The Register's inquiries about the alleged breach. We will update this story as we receive additional information.

If the criminals' boasts do turn out to be true, it puts a lot of people's personal and financial data potentially at risk — so it's a good idea to keep an eye out for any suspicious banking activity. The website has 14 days to cough up the demanded ransom.

Plus, it follows an earlier eFile.com security snafu during which miscreants compromised the e-filing website and used it to deliver malware.

That intrusion, which appears to have happened in March 2023 — about a month before America's tax day — was spotted by Reddit users who noted that when visiting eFile.com, they were taken to a phony browser update page with a link to download and run a .exe file.

The redirection turned out to be caused by JavaScript maliciously added to the dot-com site, as confirmed by SANS Internet Storm Center founder Johannes Ullrich. People who were tricked into running the downloaded executable ended up backdooring their Windows PCs. eFile.com later removed the malicious code from its website.

This latest alleged compromise hits right as late tax filers, who were granted an extension by the IRS in April, scramble to submit their documents prior to the October 15 deadline.

And, of course, these claims come despite LockBit's ransomware operations being largely disrupted by global law enforcement earlier this year. While many of the gang's affiliates have moved on to greener pastures — or at least ones without as big of a target painted on them — LockBit ransomware refuses to die.

According to Check Point's most recent monthly ransomware stats, LockBit3 ransomware was responsible for 8 percent of all infections in August, putting this particular strain in the No. 3 position behind RansomHub (15 percent) and Meow (9 percent). ®

Source: theregister.com
