DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UAE: ChatGPT used to launch cyber and ransomware attacks, says head of cybersecurity

    June 7, 2023

    Cyber attackers are using ChatGPT to launch ransomware attacks, said a senior UAE government official on Wednesday. “The emerging trend at the start of the year is that ChatGPT is used in some of the ransomware and phishing attacks. We investigated this with our partners and the discovery is really clear that adversaries are using that ...

  • Thousands of Aer Lingus staff data stolen in ransomware attack

    June 7, 2023

    A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...

  • Adversaries increasingly using vendor and contractor accounts to infiltrate networks

    June 6, 2023

    The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood. High-profile incidents like those reported by 3CX and MSI routinely grab headlines, continuing a trajectory of big-name security events that involve one specific aspect of the supply chain – software. Successful software-focused ...

  • CISA Releases Two Industrial Control Systems Advisories

    June 6, 2023

    CISA released two Industrial Control Systems (ICS) advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Spanish Globalcaja bank confirms ransomware attack

    June 5, 2023

    A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking and ATM services are still functioning. Read more… Source: Computing News  

  • Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

    June 5, 2023

    Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...