DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Iranian Cyber Actors Targeting Personal Accounts to Support Operations

    September 27, 2024

    The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary ...

  • Multiple Vulnerabilities in Common Unix Printing System (CUPS)

    September 27, 2024

    On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...

  • UK data watchdog investigating MoneyGram data breach

    September 27, 2024

    The U.K.’s data protection regulator has confirmed it’s investigating MoneyGram after receiving a data breach report from the U.S.-based money transfer giant. The U.K.’s Information Commissioner’s Office, which requires that organizations report data breaches within 72 hours of discovering the incident, confirmed to TechCrunch on Friday that the watchdog had received a report from MoneyGram following ...

  • Ransomware attacks increasingly target Vietnam’s financial sector

    September 26, 2024

    At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same time, the risk of information security is always lurking with the sector. According to statistics from ...

  • Storm-0501: Ransomware attacks expanding to hybrid cloud environments

    September 26, 2024

    Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...

  • Australia’s biggest medical imaging provider I-MED data breach exposes tens of thousands of patient files

    September 26, 2024

    Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were ...