I have already given a few of these JScript infections a try in VirtualBox running Windows 10 x64 with a few hundred dummy documents and pictures and it’s surprising how quickly it encrypts them.
To import the infection, I created a virtual CD ISO file containing one of the Zip attachments and mounted it in Virtual PC. For the pictures, I copied all the dll files in the VirtualBox’s system32 directory and placed them in ‘Pictures’ with a .jpg extension and repeated to create a set of .doc files. I then created a firewall rule so that VirtualBox has access to the Internet, but not the 192.168.x.x subnet and double-checked this. For example, I then had to change the DNS to 18.104.22.168 as it could no longer access the DNS IP of my router. This also meant the infection couldn’t see the internal network.
I then opened the virtual CD drive, double clicked the Zip file and then the .js file inside. Nothing appeared to happen, so I decided to leave the mouse and keyboard alone a short while to see if anything happens. After about 1 minute the ransomware pop-up appeared saying all my files were encrypted. Indeed when I checked the folders containing the dummy pictures and documents, they were all encrypted with random files names all ending in the .zepto file extension.
After experimenting with different file sets, it appears that the number of documents affects the ransom demand figure. For example, when I created a few thousand fake .doc files, the ransom request went to something like 10 BTC.