A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. It appears that the operators of this file-encrypting malware are trying various distribution channels as it was recently observed as a payload from the RIG exploit kit (EK).
Source: Bleeping Computer