A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware. Kafeine, a white-hat who works for Proofpoint and is known for his research into exploit kits, said in a report published today that the group behind AdGholas is responsible. AdGholas are well known malvertising purveyors who have used steganography in the past to conceal attacks. In this case, the attacks used the Astrum Exploit Kit to spread the malware.