Don’t Take the Bait – Ransomware

The fourth installment of “Don’t Take the Bait”, the 10-week IRS series on security updates for tax professionals, addresses ransomware. Published on August 1st, the article defines ransomware and then offers readers tips for preventing ransomware attacks.

“Ransomware is a type of malware that infects computers, networks and servers and encrypts (locks) data,” explains the author. Once the target of the attack is locked out of their system, cybercriminals demand a ransom in exchange for releasing the data. This type of attack has increased drastically in recent years; a recent, widely known instance of ransomware use occurred in May 2017, when a ransomware attack dubbed “WannaCry” allowed perpetrators to hold data on 230,000 computers in 150 countries for ransom.

Though phishing emails are currently the most common delivery method for ransomware, cybercriminals are rapidly developing other infection methods, such as a link that redirects users to a website that infects their computer. The FBI warns that victims should never pay a ransom—not only does it further encourage criminals, but scammers often refuse to decrypt the user’s data, even after a ransom is paid.

The IRS article offers a variety of tips to help tax practitioners avoid falling victim to ransomware attacks. First and foremost, it recommends consulting an IT security expert, and it gives the following additional advice:

  • Educate employees about ransomware and data protection.
  • Always install security patches on digital devices; consider implementing a centralized patch management system.
  • Enable automatic updates for antivirus and anti-malware programs, and conduct regular scans.
  • Only allow administrative access to those for whom it is a necessity.
  • Configure computer access controls appropriately.
  • Disable macro scripts from office files transmitted over email.
  • Employ software restriction policies for security.
  • Back up data regularly and verify the integrity of those backups.
  • Secure backup data.

For more details, read the article in full at irs.gov.