Windows Script Host is enabled by default in Windows.
Shut it down. If you do mistakenly open a .js attachment it can’t execute.
Few people need to run javascript outside a browser and there is no real reason to send someone a legitimate .js attachment.
Ransomware authors are looking for new vulnerabilities to take a computer and its data hostage.
.js execution is ideal because an infected file doesn’t need user permission to run and antivirus or antimalware software usually doesn’t detect it.
Make it a habit not to allow unknown file extensions to execute in the first place.
Simple reg key fix. Took me all of two minutes, including a restart for “good luck”.