Neutrino was seen in 2013 and continued until 2016. Neutrino started with Java vulnerabilities:

• Java-CVE: 2013-0431, CVE-2013-2460, CVE-2013-2463, CVE-2013-2465, CVE-2013-2551
• Silverlight: CVE-2013-0074
• Adobe flash player: CVE-2015-0336

Neutrino was spread using pseudo-Darkleech, EiTest, and Afraidgate campaigns. Neutrino was rented in the underground market for $450 per month. Neutrino was known to distribute CryptXXX, Crypmic, and zepto ransomware in 2016.

Other popular exploit kits that contributed to ransomware distribution during the period of 2016-2017 were Angler, Rig, Sundown, and Magnitude. These exploit kits have Internet Explorer, Microsoft Silverlight, and Adobe Flash Player vulnerabilities. All of these were involved in the distribution of the top ransomware of the time - Locky, Cryptolocker, and CryptXX. Angler embedded the leaked hacking team Adobe Flash exploits to its kit in 2016.

Angler was shut down in mid-2016 after the arrests of some cyber criminals. The Rig and Sundown exploit kits continued until the third quarter of 2017.