Microsoft warns for emails with attachments containing Javascript files hidden in .RAR or .ZIP files that try to infect computers with the Locky ransomware. Besides Javascript files, also Office documents with malicious macros are used to distribute ransomware.
(Obfuscated Javascript)
Javascript is used because it can be used to faster infect a computer than using other methods, as Microsoft's Alden Pornasdoro explains, "It is interesting to note that an Office attachment with malicious macros typically requires two or more clicks on the document to run it. One click to open the document, and another click to enable the macros. On the other hand, the JavaScript attachments only takes one or two clicks for it to start executing."
The Javascript in the files is heavily obfuscated to avoid detection by antivirus products. Because it's very, very unlikely that Javascript files contain useful information Microsoft advises to not open them. The company also recommends to disable macros in Office software.
