DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

    April 16, 2024

    Proofpoint researchers track numerous state-sponsored and state-aligned threat actors. TA427 (also known as Emerald Sleet, APT43, THALLIUM or Kimsuky), a Democratic People’s Republic of Korea (DPRK or North Korea) aligned group working in support of the Reconnaissance General Bureau, is particularly prolific in email phishing campaigns targeting experts for insight into US and the Republic of ...

  • Cisco Duo says a third-party data breach stole MFA SMS logs

    April 16, 2024

    Cisco Duo has confirmed some sensitive customer data was stolen after a third-party cyber-incident. In a breach notification letter sent to affected customers, Cisco Duo said that its telephony provider, which it didn’t name, was compromised on April 1 2024. Unidentified threat actors mounted a phishing attack against the third party, through which they stole login ...

  • Giant Tiger breach sees 2.8 million records leaked

    April 16, 2024

    When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of that forum. In March, one of Giant Tiger‘s vendors, a company used to manage customer communications and engagement, suffered a cyberattack, which impacted Giant Tiger, as reported by CBC. The retailer first learned ...

  • South Africa’s trade regulator ITAC hit by cyber attack

    April 16, 2024

    According to the organisation, the attack happened in January, leading to the exposure of the personal information of stakeholders. ITAC is an institution dedicated to promoting fair trade in South Africa in order to enhance economic growth and development. The site includes trade and tariff services as well as import and export control services. In a ...

  • MGM files suit against FTC to block cyber attack investigation

    April 16, 2024

    MGM filed the suit yesterday (15 April) in Washington’s federal court against both the FTC and Lina M Khan as FTC chair. The suit refers to the large-scale cyber attack launched against MGM in September last year. MGM was forced to shut down certain systems across its US properties due to the attack. Access to MGM ...

  • Best Practices for Deploying Secure and Resilient AI Systems

    April 15, 2024

    Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the ‘secure deployment’ and ‘secure operation and maintenance’ sections of the Guidelines for secure AI ...