Such attacks were once subtler, used to distribute malvertising to drive click-based revenue or, in some instances, to spread stealthy malware.
But now researchers at Malwarebytes have uncovered a campaign which is harnessing RIG on hacked websites in order to distribute the Princess/PrincessLocker ransomware.
However, researchers have noted that the similarities between the two forms of ransomware are superficial, with the actual code behind PrincessLocker "much different" to that of Cerber.
Upon visiting a compromised website, the user will be directed to a hacked page which is used to take advantage of exploits in order to deploy PrincessLocker onto the system.
The attack vector is different to a ransomware distributor's usual tactic of pushing it in phishing emails, but once the malware is delivered, the result is the same -- the victim's files are encrypted and the cybercriminals demand a ransom in order for them to be freed up.
PrincessLocker initially asks for a 0.0770 bitcoin ransom ($370/£285) -- a relatively low figure compared to other forms of ransomware -- in return for "special software" to decrypt the files.
The attackers claim that this is a "special price" which is only available for seven days. If a victim waits longer than that to pay the ransom, it rises to 0.1540 bitcoin ($738/£570).
Researchers have previously determined PrincessLocker to be relatively unsophisticated compared to other forms of ransomware. Because of this, a decryption tool is available to crack earlier forms of PrincessLocker. However, the attackers took note of their initial errors and the tool no longer works for the more recent strains.