Ransomware distributors aren't taking anything for granted.
Ransomware groups have evolved yet another new tactic in their quest to infect victims with malicious file-encrypting software, including those behind the notorious Locky campaign.
Email remains very much the main delivery method of ransomware but over the last three months there's been a shift in tactics, with cybersecurity researchers at Symantec spotting a sudden surge in Windows Script Files WSF used to distribute ransomware.
WSF files are opened by Windows Script Host WSH and are designed to allow a variety of scripting languages to mix within a single file.
What makes files with the .wsf extension appealing to cybercriminals, hackers, and other ransomware pushers is that they're not automatically blocked by some email clients and can be launched like a standard executable file.
Having realised that WSF files are less likely to be blocked by anti-malware programmes, ransomware campaigns using the extension type have massively jumped in recent months.