There have been reports of an uptick in the use of the RIG exploit kit to deliver the CrypMIC ransomware to unsuspecting users. The kit leverages a few known Flash vulnerabilities, targeting unpatched systems, while the ransomware it drops encrypts files and holds them for ransom.
The kit compromises legitimate websites and redirects visitors to domains that download ransomware onto their machines.
To redirect users to malicious servers, attackers used stolen domain credentials to set up subdomains of legitimate sites. According to Threatpost, domain owners neglect to monitor their login credentials and may fail to notice they've been hit with a phishing attack. This technique is known as domain shadowing, and it can allow attackers to go undetected as they pose as legitimate sites.
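For domain owners, one way to catch shadowed subdomains is to compare periodic exports of the zone's A records and flag anything new that resolves outside the owner's own hosting. The sketch below is an added example, not taken from the reports above; the record names, addresses and the `OWNED_NETWORKS` range are constructed sample values, and the dictionary format for zone exports is an assumption.

```python
import ipaddress

# Constructed sample data: A records from two exports of the same DNS zone.
BASELINE = {
    "www.example.test": "198.51.100.10",
    "mail.example.test": "198.51.100.25",
}
CURRENT = {
    "www.example.test": "198.51.100.10",
    "mail.example.test": "198.51.100.25",
    "shop.example.test": "198.51.100.40",   # new, inside the owner's range
    "qzx7.example.test": "203.0.113.77",    # new, points at unknown hosting
    "ads.k2.example.test": "203.0.113.77",  # new, same unknown address
}
# Assumption: address ranges the domain owner actually hosts in.
OWNED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def in_owned_space(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWNED_NETWORKS)


def find_shadow_candidates(baseline, current):
    """Return findings for records that are new or changed since the baseline."""
    findings = []
    for name, ip in sorted(current.items()):
        if baseline.get(name) == ip:
            continue  # unchanged record, nothing to report
        reason = "new subdomain" if name not in baseline else "address changed"
        severity = "review" if in_owned_space(ip) else "high"
        findings.append({"name": name, "ip": ip, "reason": reason, "severity": severity})
    return findings


def shared_external_ips(findings):
    """Group high-severity names by IP; several new names on one unknown address merit a closer look."""
    groups = {}
    for f in findings:
        if f["severity"] == "high":
            groups.setdefault(f["ip"], []).append(f["name"])
    return {ip: names for ip, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    results = find_shadow_candidates(BASELINE, CURRENT)
    for f in results:
        print(f"{f['severity']:6} {f['name']:22} {f['ip']:15} {f['reason']}")
    print(shared_external_ips(results))
```

A "high" finding that nobody on the team created is a reason to rotate the registrar or DNS provider credentials and review the account's login history.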