DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • U.S. Army Intelligence Analyst Arrested and Charged with Conspiracy to Obtain and Disclose National Defense Information

    March 7, 2024

    Korbein Schultz, a U.S. Army soldier and intelligence analyst, was arrested today at Fort Campbell following an indictment by a federal grand jury charging him with conspiracy to obtain and disclose national defense information, exporting technical data related to defense articles without a license, conspiracy to export defense articles without a license, and bribery of ...

  • Jersey data breach leaks personal information

    March 7, 2024

    A data breach at Jersey’s Financial Services Commission has allowed access to non-public names and addresses. The organisation confirmed a “vulnerability” was detected in its Registry system on 23 January. It said the leak did not link any individuals to registered entities or roles held and that it had separately written to those whose names and addresses ...

  • Insurance giant Fidelity hit by data breach

    March 6, 2024

    Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023. The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after ...

  • Wyze reports a new data breach

    March 6, 2024

    Security cameras have become very popular for people to plug into their home network, hoping this with deter burglars (or should a robbery happen, that some footage of the event will be captured). Yet how secure is the digital image data? Recently, Wyze users encountered a camera breach with the cybersecurity incident impacting some 13,000 users. ...

  • Ontario: City of Hamilton confirms ransomware is behind cyber attack

    March 5, 2024

    Ransomware is behind the cyber attack on the city of Hamilton, Ont., the municipality’s city manager says. Marnie Cluckie told reporters Monday afternoon that the attack, which was detected the evening of Sunday, Feb. 25, was the result of ransomware. She wouldn’t say what strain of the malware the city has been hit with, how long ...

  • Hacker forum post claims UnitedHealth paid $22 mln ransom in bid to recover data

    March 5, 2024

    A post on a hacker forum popular with cybercriminals has claimed UnitedHealth Group opens new tab paid $22 million in a bid to recover access to data and systems encrypted by the “Blackcat” ransomware gang, according to two researchers. Neither UnitedHealth nor the hackers involved have commented on the alleged ransom payment, but a cryptocurrency tracing ...