Numerous spam campaigns are pushing various crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host.
Do yourself a favor and edit your Windows Registry to disable WSH.
Here’s the key (folder).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
Create a new DWORD value named “Enabled” and set the value data to “0”.
And then, if you click on a .js file, you’ll see this.
Which is way better than seeing an extortion note.
Updated 2016-04-20: HKEY_CURRENT_USER can be used as an alternative.
Leave a comment