DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • The sound of you typing on your keyboard could reveal your password

    December 12, 2023

    As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to ...

  • Kyivstar explains network failure by hacker attack, subscriber data not compromised

    December 12, 2023

    A failure in the network of Ukraine’s largest telecoms operator Kyivstar, which occurred on Tuesday morning, was caused by a hacker attack, but subscriber data was not compromised, the company involved law enforcement agencies and special government services in eliminating the failure, and promises compensation to customers. “On the morning of December 12, the Kyivstar communications ...

  • Bitcoin ATM company Coin Cloud hacked

    December 12, 2023

    In November, the cybersecurity collective vx-underground wrote on X, formerly Twitter, that unknown hackers were claiming to have breached Coin Cloud, a bankrupt Bitcoin ATM company. According to vx-underground, the hackers claimed to have stolen 70,000 pictures of customers taken from cameras embedded in the ATMs, as well as the personal data of 300,000 customers, which ...

  • Spider-Man developer Insomniac Games suffers ransomware attack

    December 12, 2023

    Insomniac Games, the studio behind titles including Spyro, Ratchet & Clank and Marvel’s Spider-Man, has been breached by the Rhysidia ransomware group. Rhysidia shared screenshots of the stolen on its TOR site, including imagery from Insomniac’s upcoming game, Marvel’s Wolverine. Personal data like passport scans of current and former employees also appears to be included, as ...

  • Russian diplomat accuses West of patronizing Ukrainian IT army that commits cybercrime

    December 12, 2023

    The US-led West supervises Ukraine’s so-called IT army that may be responsible for cybercrime, Russia’s representative Irina Tyazhlova said on Monday. Addressing a meeting of the UN Open-ended Working Group (OEWG) on security of and in the use of information and telecommunication technologies (ICTs), she said: “Other numerous malicious activities with the use of ICTs were ...

  • US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack

    December 11, 2023

    Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city’s third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 ...