Cisco Systems has found that malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and others are leading people to malware that encrypts a computer’s files.

Described in detail on its blog, Cisco’s investigation unraveled a technically complex and highly effective way for infecting large number of computers with ransomware.

Levi Gundert, a former Secret Service agent and now a technical lead for threat research and analysis at Cisco, said in an interview: “It really is insidious.”

Known as “malvertising,” advertising networks have taken steps to try and detect malicious advertisements placed on their network.

“It goes to show that malvertising is a real problem,” Gundert said. “People expect when they go to a Tier 1 website that it is a trustworthy place to visit, but because there are so many third-party external links, that’s not really true.”

Cisco hasn’t yet been able to identify a group behind the attacks.