Unknown Ransomware Is Distributed Through Fake IRS Emails

Whenever the IRS issues a statement regarding technology or cryptocurrency, there is plenty of reason to be concerned. In some cases, however, the institution legitimately aims to protect consumers from financial harm. Its latest communication appears to concern the topic of ransomware distributed via phishing emails. Interestingly enough, these emails are fake. 

IRS Phishing Emails Distribute Ransomware

Cybercriminals know no boundaries when it comes to nefarious activity. Although the distribution of malware and ransomware via email is nothing new by any means, they do not shy away from impersonating legitimate agencies either. Sending out fake emails seemingly coming from the Internal Revenue Service to distribute ransomware is bound to get the attention of the real IRS sooner or later. It turns out the criminals have succeeded, although it is nearly impossible to thwart their efforts right away.

The fake IRS email looks pretty legitimate. It boasts an official logo, and the message included leaves nothing to the imagination. Victims are told they must download a questionnaire, fill it in with personal information, and email it to the IRS. The email in question also bears the logo of the FBI, although it is unclear why that institution would be involved. Then again, the email states that the goal is to maximize tax revenue, and a mention of the FBI might make some people believe this questionnaire to be legitimate.

That is not the case, though. As soon as a recipient downloads the attachment, they will effectively allow their computer to be infected with ransomware. For the time being, researchers have no clue which ransomware they are dealing with, as it does not bear any resemblance with any known strains. It does successfully encrypt files on the computer in question, although there is no mention of it altering master boot records or anything like that. Nor is it clear how much money its developers ask for when the customer wishes to decrypt his or her files.

Schemes like these are nothing new either, though. Criminals have used IRS-spoofed email messages in the past for other nefarious purposes, such as the infamous tax return scam. It is up to individual consumers to identify these threats and take action accordingly. The IRS would never contact users with a questionnaire using a file that must be downloaded and mailed to them in physical form. The whole setup makes no sense whatsoever, despite the inclusion of logos belonging to the IRS and FBI.

Indeed, anyone in the U.S. with a potential tax issue would not be contacted by email or phone either. Nor would that communication take place in a threatening tone. Luckily, the IRS issued a few warnings weeks ago to prevent U.S. citizens from falling victim to any form of scam, hack, or malware distribution attempt. It is good to see officials explain this situation so it is clear for everyone to understand. This governmental institution is widely respected, even though not everyone agrees with its decisions every time.

The bigger question is who is behind this new ransomware distribution campaign. Researchers would also love to know which type of malware is being distributed exactly. Knowing that this is a serious threat which no one has encountered before will not put people’s minds at ease by any means. There is also no free decryption tool available for this ransomware, as researchers literally know nothing about it at this stage. Once they can analyze a few samples, things will become a lot clearer.