Hi everyone,
Recently Sophos has seen an increase in malware being spread via malicious JavaScript files (.js). These typically come as an attachment on an email either just as a .js file or inside a zip. An example detection name for the .js files would be: Troj/JSDldr-* and for the zipped files: Mal/DrodZp-*
Typically If a user could open these files they will often be a 'Downloader' which connects to a remote site to download the actual malware payload, which most commonly is Ransomware.
As an extra layer of protection against these threats you can use Application Control in the Sophos Enterprise Console or Sophos Cloud to block 'Microsoft WSH WScript' which can be found in the 'Programming / Scripting tool' category.
Please note that this might affect other legitimate software so we advise testing this before rolling it out to a live environment.
This thread was automatically locked due to age.
