LockBit Ransomware Hits eFile.com in Major Cyber Attack

Incident Date:

September 19, 2024

World map

Overview

Title

LockBit Ransomware Hits eFile.com in Major Cyber Attack

Victim

eFile.com

Attacker

Lockbit3

Location

Mt Pleasant, USA

South Carolina, USA

First Reported

September 19, 2024

LockBit Ransomware Group Targets eFile.com in Latest Cyber Attack

The American online tax filing platform, eFile.com, has reportedly fallen victim to a ransomware attack orchestrated by the notorious LockBit group. This incident has been highlighted on LockBit's dark web extortion site, where the group claims to have exfiltrated sensitive data and is threatening to release it publicly if their ransom demands are not met. As of now, eFile.com has neither confirmed nor denied the attack, leaving users and stakeholders in a state of uncertainty.

About eFile.com

eFile.com, owned and operated by TaxWork LLC, is a prominent player in the online tax preparation industry. Established in 2003 and based in Venice, Florida, the platform has facilitated over 65 million self-prepared tax returns. It offers a range of services designed to simplify the tax filing process for individuals, including a Free Basic Edition for simple returns and paid tiers—Deluxe and Premier—for more complex tax situations. eFile.com is known for its affordability, user-friendly tools, and personalized support from tax professionals, referred to as "Taxperts."

Attack Overview

The LockBit ransomware group has listed eFile.com on its extortion site, claiming to have exfiltrated files during the breach. The group employs "double extortion" tactics, threatening to release the stolen data if the ransom is not paid. The exact nature of the data compromised and the potential repercussions for eFile.com's users remain unclear due to the company's lack of confirmation or denial of the attack.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and employs "double extortion" tactics. The group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.

Potential Vulnerabilities

eFile.com's significant online presence and the sensitive nature of the data it handles make it an attractive target for ransomware groups like LockBit. The platform's reliance on digital infrastructure for tax preparation and e-filing services could have been exploited through vulnerabilities in Remote Desktop Protocol (RDP) services or unsecured network shares. LockBit is known for its ability to spread quickly across networks, making robust cybersecurity measures essential for platforms like eFile.com.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.