Ransomware seems to be rampant these days. It not only encrypts your data files and ask you for money by holding you ransom for the important files. So, how can one avoid installing ransomware unknowingly?


Well F-Secure has an answer. They mentioned in an article that the source will spam such cryto-ransomware and backdoors via ZIP attachments which contains a Jscript (.js or .jse) file that if clicked will be executed via Windows Script Host.

So, the easiest way to prevent your system from infection is to harden your system by disabling Windows Script Host service via Regedit.

Do yourself a favor and edit your Windows Registry to disable WSH.

Here’s the key (folder).

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

Create a new DWORD value named “Enabled” and set the value data to “0”.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

And then, if you click on a .js file, you’ll see this.

Windows Script Host access is disabled on this machine. Contact your administrator for details.

Which is way better than seeing an extortion note.