LockBit Ransomware Group Targets eFile.com in Latest Cyber Attack

The American online tax filing platform, eFile.com, has reportedly fallen victim to a ransomware attack orchestrated by the notorious LockBit group. This incident has been highlighted on LockBit's dark web extortion site, where the group claims to have exfiltrated sensitive data and is threatening to release it publicly if their ransom demands are not met. As of now, eFile.com has neither confirmed nor denied the attack, leaving users and stakeholders in a state of uncertainty.

About eFile.com

eFile.com, owned and operated by TaxWork LLC, is a prominent player in the online tax preparation industry. Established in 2003 and based in Venice, Florida, the platform has facilitated over 65 million self-prepared tax returns. It offers a range of services designed to simplify the tax filing process for individuals, including a Free Basic Edition for simple returns and paid tiers—Deluxe and Premier—for more complex tax situations. eFile.com is known for its affordability, user-friendly tools, and personalized support from tax professionals, referred to as "Taxperts."

Attack Overview

The LockBit ransomware group has listed eFile.com on its extortion site, claiming to have exfiltrated files during the breach. The group employs "double extortion" tactics, threatening to release the stolen data if the ransom is not paid. The exact nature of the data compromised and the potential repercussions for eFile.com's users remain unclear due to the company's lack of confirmation or denial of the attack.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and employs "double extortion" tactics. The group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.

Potential Vulnerabilities

eFile.com's significant online presence and the sensitive nature of the data it handles make it an attractive target for ransomware groups like LockBit. The platform's reliance on digital infrastructure for tax preparation and e-filing services could have been exploited through vulnerabilities in Remote Desktop Protocol (RDP) services or unsecured network shares. LockBit is known for its ability to spread quickly across networks, making robust cybersecurity measures essential for platforms like eFile.com.

Sources

• eFile.com - About
• eFile.com
• SOCRadar - Dark Web Profile: LockBit 3.0 Ransomware
• TXOne Networks - Malware Analysis: LockBit 3.0
• Red Piranha - A Look at LockBit 3.0 Ransomware