DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • India: EPFO, PMO data breach, Centre says aware of reports, Cert-In looking into details

    February 21, 2024

    The government is aware of reports of a data breach that claims having datasets from the Prime Minister’s Office (PMO) and the Employees’ Provident Fund Organisation, and has asked the Indian Computer Emergency Response Team (Cert-In) to look into it, senior officials told ET. “We are aware of it but need to verify if the claims ...

  • Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow

    February 20, 2024

    In today’s interconnected world, space technology forms the backbone of our global communication, navigation and security systems. Satellites orbiting Earth are pivotal for everything from GPS navigation to international banking transactions, making them indispensable assets in our daily lives and in global infrastructure. However, as our dependency on these celestial guardians escalates, so too does their ...

  • Toronto Public Library uncertain whose data stolen in October cyber attack

    February 20, 2024

    The Toronto Public Library needs more time to investigate whether cardholder, volunteer and donor data has been compromised during a serious cyberattack four months ago. In a final report to the board on the October 2023 security breach that the library said exposed the personal data of staff and family members, it said it is “currently ...

  • ConnectWise Releases Critical Security Update for ScreenConnect

    February 20, 2024

    ConnectWise has released a security update addressing two vulnerabilities in on-premise ScreenConnect deployments. The update addresses a critical authentication bypass vulnerability with a CVSSv3 score of 10 and a path traversal vulnerability with a CVSSv3 score of 8.4. A remote unauthenticated attacker could exploit these vulnerabilities to read arbitrary files, gain root access on the underlying ...

  • Law enforcement disrupt world’s biggest ransomware operation

    February 20, 2024

    In a significant breakthrough in the fight against cybercrime, law enforcement from 10 countries have disrupted the criminal operation of the LockBit ransomware group at every level, severely damaging their capability and credibility. LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage. This international sweep follows ...

  • Cambridge faces cyber attack

    February 19, 2024

    The University faced a cyberattack yesterday (20/02), which is affected internet and services across multiple UK higher education institutions. Students at various colleges were notified of the attack, which affected access to IT services such as CamSIS and Moodle. An internal email revealed that the incident was a Distributed Denial of Service (DDoS) attack, described as ...