Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.
One security expert said the approach was likely to fool many victims.
"It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.
The RAA ransomware was discovered by security researchers known as Benkow and JamesWT.
It is sent to victims by email and if opened on a Windows machine uses the "Windows Based Script Host" to run its code.