Numerous email spam and phishing campaigns are pushing a number of crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host.
Do yourself a favor and edit your end user PC's Windows Registry to disable WSH.
Here’s the key (folder).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
Create a new DWORD value named “Enabled” and set the value data to “0”.
*see image below*
And then, if you click on a .js file, you’ll see this message: "Windows Script Host access is diabled on this machine. Contact your administrator for details."
Credits to the F-Secure Blog for the details on this vulnerability.
Do yourself a favor and edit your end user PC's Windows Registry to disable WSH.
Here’s the key (folder).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
Create a new DWORD value named “Enabled” and set the value data to “0”.
*see image below*
And then, if you click on a .js file, you’ll see this message: "Windows Script Host access is diabled on this machine. Contact your administrator for details."
Credits to the F-Secure Blog for the details on this vulnerability.