Ransomware has evolved over the last three decades from a targeted cyber attack distributed on literal floppy discs to a major electronic security crisis for individuals, companies and governments.

This type of malware typically locks out computer users and locks down their systems until the cyber hijackers are paid to return access to the information.

In 2017, WannaCry ransomware went global, infecting more than 200,000 computers across 150 countries.

Most recently, almost two dozen Texas towns were victims of a coordinated attack. The Lone Star State electronic lockouts follow patterns set by ransomware demands in Florida, Maryland and New York.

Tax pros are potential targets, too: And tax professionals aren’t immune, warns the Internal Revenue Service.

In its Safeguarding Taxpayer Data guide for businesses, the IRS notes that, “Cybercriminals work hard through various tactics to penetrate your network or trick you into disclosing passwords. They may steal the data, hold the data for ransom or use your own computers to complete and file fraudulent tax returns.”

Tax ransomware, like other tax identity theft attempts and scams, typically is spread through phishing emails that convince victims to respond or unknowingly visit an infected website.

tax-themed ransomware phishing scheme back in 2017 impersonated the IRS and the Federal Bureau of Investigation in attempts to take taxpayer computer data hostage.


It used IRS and FBI emblems and directed recipients to click a link to download a fake FBI questionnaire

Instead, the link infected the victims’ computer systems with ransomware.

Old is new again and again: The IRS/FBI ransomware attack back in 2017 wasn’t new. It was, as many tax identity theft schemes and scams are, a new twist on a previously used method to get access to private tax, personal and financial data.

Such revisions and the persistence of cyber criminals are why, even though there haven’t been any recent IRS-related ransomware scams, taxpayers and tax pros need to remain on guard.

The attacks on the Texas towns are an indication, say security experts, that this type of financial demand malware likely is on the increase.

Preparing for, protecting against ransomware: The IRS has the following tips for tax practitioners to prevent ransomware attacks.

Note that much of this advice also applies to other businesses, payroll departments, human resource organizations and all of us individual taxpayers who have so much of our personal data online.

  • If you don’t have an in-house information technology (IT) professional, consult with one to help prepare and protect your business.
  • Make sure employees are aware of ransomware and of the staffers’ critical roles in protecting the business’ data.
  • For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be made easier through a centralized patch management system.
  • Ensure that antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts. No users should be assigned administrative access unless necessary. Only use administrator accounts when needed.
  • Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories.
  • Disable macro scripts from office files transmitted over email.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular internet browsers, compression/decompression programs.
  • Back up data regularly and verify the integrity of those backups.
  • Secure backup data. Make sure the backup device isn’t constantly connected to the computers and networks they are backing up. This will ensure the backup data remains unaffected by ransomware attempts.

Report attempts ASAP: If you do encounter a ransomware attempt or attack, report it immediately to the FBI at the Internet Crime Complaint Center at www.IC3.gov.

Tax practitioners who fall victim to a ransomware attack also should contact their local IRS stakeholder liaison.

And all of us remember that it’s always better to be suspicious and safe rather than sorry.

You also might find these items of interest: