Malvertising campaign is targeting Internet Explorer users from Vietnam, Korea, Malaysia and possibly other Asian countries. Malvertising is redirecting users to a RIG exploit kit that will attempt to exploit Flash vulnerabilities in the browser. If successful, a user will see Internet Explorer crash and various alerts from the Windows Script Host. This is because the exploit kit will execute a JScript command that downloads an obfuscated VBScript script. This script downloads and installs Sodinokibi Ransomware, also known as REvil, on the victim’s computer.
Source: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-targeting-asia-via-the-rig-exploit-kit/