In short order, the newest version of Cryptowall has begun showing up in exploit kits.
The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit.
SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryptowall 4.0 has been moved almost exclusively via malicious spam and phishing emails. He said this is the first time Cryptowall 4.0 has been infecting machines via an exploit kit.
Once again, running Anti-Exploit programs like CryptoMonitor, Malwarebytes Anti-Exploit, EMET, HitmanPro.Alert, etc. will help to reduce the risk of infection.