DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Roku Discloses Data Breach, 15,000 Accounts Compromised

    March 13, 2024

    The streaming platform Roku has suffered a data breach, with more than 15,000 accounts compromised. The company – which has more than 80 million active accounts – revealed the breach in filings with the state attorney generals of Maine and California on Friday. The filings indicate that 15,363 accounts were compromised between Dec. 28, 2023, and ...

  • Chinese security authority warns of espionage traps in online dating and job hunting

    March 13, 2024

    Are they your like-minded “online friends”? Intimate “lovers”? Caring “friends”? Helpful “good Samaritans”? Or perhaps, these are all just sweet “traps” set by espionage forces, Chinese Ministry of State Security warned the public in its latest article published on Wednesday. The ministry listed several cases adapted from real life incidents with characters using pseudonyms in the ...

  • New Multi-Stage StopCrypt Ransomware

    March 12, 2024

    The SonicWall Capture Labs threat research team recently observed a new variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. Infection Cycle At the start of execution, it creates a string of msim32.dll on the stack, and, using LoadLibrary, loads ...

  • Is Cybersecurity The Achilles’ Heel Of The Electric Vehicle Revolution?

    March 12, 2024

    The electric vehicle (EV) sector, though nascent and in its formative years, faces numerous challenges. Recent concerns, such as “range anxiety” (a vehicle battery’s charge and ability to complete a planned journey) among consumers and incidents of vehicles losing power in cold temperatures, have contributed to a slowdown in adoption. While the trajectory of electric vehicle ...

  • Acer Philippines reports data breach in third-party vendor system

    March 12, 2024

    Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The company emphasized that this incident does not involve Acer Philippines customer databases. Customer data remains secure, ...

  • Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption

    March 12, 2024

    Ransomware activity remains on an upward trend despite the number of attacks claimed by ransomware actors decreasing by slightly more than 20% in the fourth quarter of 2023. Attackers have continually refined their tactics and proven quick to respond to disruption, finding new ways to infect victims. Analysis of data from ransomware leak sites shows that ...