Email remains very much the main delivery method of ransomware, but over the last three months there's been a shift in tactics, with cybersecurity researchers at Symantec spotting a sudden surge in Windows Script Files (WSF) used to distribute ransomware.
WSF files are opened by Windows Script Host (WSH) and are designed to allow a variety of scripting languages to mix within a single file. What makes files with the .wsf extension appealing to cybercriminals, hackers, and other ransomware pushers is that they're not automatically blocked by some email clients and can be launched like a standard executable file.
With attackers having realised that WSF files are less likely to be blocked by anti-malware programmes, ransomware campaigns using the extension type have jumped massively in recent months.
Symantec researchers say 22,000 emails containing malicious .wsf files were blocked in June, and that by July the figure had multiplied almost 100 times, to 2 million.
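A mail-gateway check for the attachment type described above, as an added example that is not from Symantec or the original article: it flags .wsf attachments by file name and, for renamed files, by the `<job>` / `<script language=...>` markup that WSF files use. The function names, sample message, addresses and file names are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

BLOCKED_EXT = ".wsf"
# A WSF file is XML: <job> (optionally inside <package>) wrapping
# <script language="..."> blocks, which is how it mixes script languages.
WSF_MARKUP = re.compile(
    rb"<\s*(job|package)\b.*?<\s*script\b[^>]*\blanguage\s*=",
    re.IGNORECASE | re.DOTALL)

def normalise(name):
    # Windows ignores trailing dots and spaces in file names.
    return (name or "").strip().rstrip(". ").lower()

def wsf_findings(raw_message):
    """Return (filename, reason) for every part that looks like a WSF file."""
    msg = message_from_bytes(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = normalise(part.get_filename())
        payload = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            findings.append((name, "extension"))
        elif WSF_MARKUP.search(payload[:65536]):  # renamed WSF content
            findings.append((name or "<unnamed>", "content"))
    return findings

def build_sample():
    # Constructed sample message; the script body is an inert placeholder.
    wsf = b'<job id="demo"><script language="JScript">// placeholder</script></job>'
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for data, filename in ((wsf, "Invoice.pdf.WSF"), (wsf, "notes.txt"),
                           (b"plain text", "readme.txt")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in wsf_findings(build_sample()):
        print(f"quarantine: {name} ({reason})")
```
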