Noora Hyvärinen
Numerous spam campaigns are pushing various crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host.
Do yourself a favor and edit your Windows Registry to disable WSH.
Here’s the key (folder).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
Create a new DWORD value named “Enabled” and set the value data to “0”.
And then, if you click on a .js file, you’ll see this.
Which is way better than seeing an extortion note.
Updated 2016-04-20: HKEY_CURRENT_USER can be used as an alternative.
Related posts
5 phases of a cyber attack: The attacker’s view
Cyber security is not something you do once and then you’re done. It is a continuous process that should be part of everything you do. However, no one has the resources to do everything perfectly. Thus, your goal should be constant improvement.
Read more
Of Cameras & Compromise: How IoT Could Dull Your Competitive Edge
The Internet of Things is here. And with it are exciting possibilities, cost savings and efficiencies. But there’s a dark side to this bright new world, and it can be summed up in what we call Hypponen’s Law: If it’s smart, it’s vulnerable.
Read more
How to decompile any Python binary
At WithSecure we often encounter binary payloads that are generated from compiled Python. These are usually generated with tools such as py2exe or PyInstaller to create a Windows executable.
Read more
The Chilling Reality of Cold Boot Attacks
What do you do when you finish working with your laptop? Do you turn it off? Put it to sleep? Just close the lid and walk away?
Read more