How legitimate websites are used to spread ransomware