DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Operation HAECHI IV: USD 300 million seized and 3,500 suspects arrested in international financial crime operation

    December 19, 2023

    LYON, FRANCE – A transcontinental police operation against online financial crime has concluded with almost 3,500 arrests and seizures of USD 300 million (approx. EUR 273 million) worth of assets across 34 countries. The six-month Operation HAECHI IV (July-December 2023) targeted seven types of cyber-enabled scams: voice phishing, romance scams, online sextortion, investment fraud, money laundering ...

  • Mr. Cooper leaks personal data of 14 million loan and mortgage customers

    December 19, 2023

    A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn’t say what type of cyberattack caused the compromise of customer data, calling it a rather non-descriptive “External system breach (hacking).” For those unfamiliar ...

  • Europol publishes IOCTA spotlight report on online fraud schemes

    December 19, 2023

    Europol’s spotlight report on online fraud highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public institutions. Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false ...

  • Xfinity discloses a data breach but doesn’t say how many users are affected

    December 18, 2023

    Xfinity is notifying customers of a “data security incident” it says resulted in the theft of customer information, including usernames, passwords, contact information, and more. In a notice on Monday, Xfinity says “there was unauthorized access” to its systems from October 16th to October 19th, 2023. Xfinity traces the breach to a security vulnerability disclosed by ...

  • Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability

    December 18, 2023

    CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can access, upload, or modify important files, steal sensitive information, disrupt critical services, or move laterally on ...

  • #StopRansomware: Play Ransomware

    December 18, 2023

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations as recently as October 2023. Since June 2022, the Play (also known as Playcrypt) ransomware group ...