A Treasury Inspector General for Tax Administration (TIGTA) report found that the IRS had effective controls in place to respond to and recover from malware and ransomware attacks.

According to the report, TIGTA conducted an audit "to determine the effectiveness of controls to respond to and recover from malware (ransomware) attacks." The report defined malware as “a general term used to refer to types of computer programs that are designed to disrupt, damage, or gain unauthorized access to computers in order to cause disruption for financial or political gains” and ransomware as “a type of cyber extortion where a form of malware infiltrates computer systems or networks and encrypts data, holding it ‘hostage’ until the victim pays a ransom.”

The audit found that the IRS had no successful ransomware attacks against it since June 2022. One attempted attack was identified by the IRS through suspicious website traffic and mitigated by removing the computer from the network. Those actions caused TIGTA to determine that “the IRS took appropriate actions to resolve the incident.”

Overall, TIGTA’s review of IRS policies and procedures related to Incident Response Plan requirements, as well as those related to required alternate storage site and system backup contingency planning controls, were generally consistent with National Institute of Standards and Technology (NIST) guidance. A part of the U.S. Department of Commerce, NIST is a physical science laboratory.

TIGTA made no recommendations as a result of the audit. The IRS agreed with the facts and conclusions presented.