A malvertising campaign is redirecting users to the RIG exploit kit to target enterprise users who are still using Internet Explorer and Flash Player. The malicious scripts will attempt to exploit vulnerabilities in the browser to install a variety of malware including the Nemty 1.6 ransomware. The most obvious change in this version is the ransom note that now shows a version number of 1.06. This was most likely done to break the decryptor created by security firm Tesorion, which didn’t go as plan.
Source: https://www.bleepingcomputer.com/news/security/nemty-16-ransomware-released-and-pushed-via-rig-exploit-kit/