Ransomware Using Windows Script Files On The Rise

There has been a dramatic increase in ransomware attacks that use Windows Script File (WSF) attachments in emails. Here’s what you need to know.

According to research from security vendor Symantec, cybercrime groups have been using malicious WSF attachments in spam email campaigns to distribute the Locky ransomware. A WSF is a text document that act as a container file for a mix of scripting languages. Some email clients don’t block WSFs by default.

Symantec has observed the following:

“Over the past number of months, Symantec has noticed a significant increase in the overall numbers of emails being blocked containing malicious WSF attachments. From just over 22,000 in June, the figure shot up to more than 2 million in July. September was a record month, with more than 2.2 million emails blocked.

IT administrators are advised to block files with .wsf extensions by default at their email gateway. This includes files inside ZIP files.

For end users, as always, regularly back up your files so that if you’re ever hit by ransomware, you can rest easy that you haven’t lost anything important.

Here’s another tip from Symantec:

“Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.”

[Via Symantec Blog]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.