Ransomware Using Windows Script Files On The Rise

Ransomware Using Windows Script Files On The Rise

There has been a dramatic increase in ransomware attacks that use Windows Script File (WSF) attachments in emails. Here’s what you need to know.

According to research from security vendor Symantec, cybercrime groups have been using malicious WSF attachments in spam email campaigns to distribute the Locky ransomware. A WSF is a text document that act as a container file for a mix of scripting languages. Some email clients don’t block WSFs by default.

Symantec has observed the following:

“Over the past number of months, Symantec has noticed a significant increase in the overall numbers of emails being blocked containing malicious WSF attachments. From just over 22,000 in June, the figure shot up to more than 2 million in July. September was a record month, with more than 2.2 million emails blocked.

IT administrators are advised to block files with .wsf extensions by default at their email gateway. This includes files inside ZIP files.

For end users, as always, regularly back up your files so that if you’re ever hit by ransomware, you can rest easy that you haven’t lost anything important.

Here’s another tip from Symantec:

“Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.”

[Via Symantec Blog]