Mount Locker is a relatively new ransomware operation that began infecting victims in July 2020. With the latest version, the ransomware developers are now targeting the.tax,.tax2009,.tax2013, and.tax2014 file extensions associated with the TurboTax tax preparation software. Stolen data and encrypted files are then used in a double-extortion scheme where victims are warned that their stolen files will be published on a data leak site if a ransom is not paid. To be safe, be sure to make backups of your TurboTax files and other essential documents on detachable media after you make any changes.
Source: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-now-targets-your-turbotax-tax-returns/