DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware gang leaks data stolen from LAUSD school system
October 3, 2022
Thousands of files apparently stolen last month in a ransomware attack on the Los Angeles Unified School District were released on the dark web over the weekend. The threat has been a major concern for the nation’s second-largest school district since Labor Day Weekend, when a cyber intrusion forced school district officials to take the extraordinary ...
- CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
October 3, 2022
CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...
- Russian retail chain ‘DNS’ confirms hack after data leaked online
October 3, 2022
Russian retail chain ‘DNS’ (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. DNS is Russia’s second-largest computer and home appliance store chain, with 2,000 branches and 35,000 employees. According to the scant details provided in the announcement, a group of hackers residing outside the Russian ...
- UK: Liz Truss’ and Cabinet Ministers’ mobile numbers are being sold online for £6.49
October 2, 2022
The personal mobile phone numbers of the Prime Minister and 25 of her Cabinet Ministers are being sold on the internet, The Mail on Sunday can reveal. They can be accessed on a shady US website charging just £6.49 for access to the information, which cyber experts warn could be used by China and Russia to ...
- Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
October 1, 2022
Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. Microsoft also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, ...
- Lazarus hackers abuse Dell driver bug using new FudModule rootkit
October 1, 2022
The notorious North Korean hacking group ‘Lazarus’ was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack. The spear-phishing campaign unfolded in the autumn of 2021, and the confirmed targets include an aerospace expert in the Netherlands and a political journalist in Belgium. According to ESET, which ...