Exploitation of CLFS zero-day leads to ransomware activity