As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. The malware link has since been taken down.

A ransomware study released Google revealed the malware earned criminals $25 million over the past two years.

Here are the exploit kits to watch for over the next three to six months.

Since January, a number of ransomware families are sharing a common infrastructure with different techniques allowing the malware to hide from detection systems.

A spam campaign has started spreading Sage ransomware, while a ransomware service known as Satan allows users to customize distribution.

Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection.

Researchers claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Software Technologies and IntSights, the RaaS ring consists of 161 active campaigns with...

Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Neutrino and Magnitude exploit kits, and are leading compromised computers to different ransomware strains and a credential-stealing Trojan. A French researcher who goes by the handle Kafeine told Threatpost that Neutrino has embedded a working exploit for CVE-2016-4117 while Magnitude...

Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous. Cerber, which is best known...

Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively...