A drive-by campaign that uses a one-two punch to drop Cryptowall 4.0 has been observed in the wild this week. The latest version of the malware encrypts data on victims machines, but also filenames, something that makes it much trickier to recover them without paying the ransom. Researchers at Heimdal Security say they have blocked more than 200 domains this week that attackers are using to spread the malware. The malware is based on the Nuclear Exploit Kit, which is one of the most popular exploit kits to distribute the ransomware.
Source: https://threatpost.com/angler-exploit-kit-spreading-cryptowall-4-0-ransomware/115538/