DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
August 2, 2022
Trend Micro researchers recently analyzed a sample of a new SolidBit ransomware variant that targets users of popular video games and social media platforms. The malware was uploaded to GitHub, where it is disguised as different applications, including a League of Legends account checker tool (Figure 1) and an Instagram follower bot, to lure in ...
- Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
August 2, 2022
Cisco Talos has discovered a relatively new attack framework called “Manjusaka” (which can be translated to “cow flower” from the Simplified Chinese writing) by their authors, being used in the wild. As defenders, it is important to keep track of offensive frameworks such as Cobalt Strike and Sliver so that enterprises can effectively defend against attacks ...
- CISA and ACSC Release Top 2021 Malware Strains
August 2, 2022
CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been using most of these top malware strains for ...
- BlackCat ransomware claims attack on European gas pipeline
August 1, 2022
The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country. Creos’ owner, Encevo, who operates as an energy supplier in five EU countries, announced on July 25 that they had suffered a cyberattack the previous weekend, ...
- Activists use torrents to spread uncensored news to Russian pirates
August 1, 2022
A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions. Named “Torrents of Truth,” the initiative is similar to “Call Russia,” a project to help break through Russian propaganda and open people’s eyes to ...
- Russian Hackers Target U.S. HIMARS Maker in ‘New Type of Attack’
August 1, 2022
ussian hackers have launched “a new type of attack” on American military company Lockheed Martin, the maker of the M142 High Mobility Artillery Rocket System (HIMARS), the weapon the hackers believe is responsible for thousands of deaths in Ukraine, according to a pro-Moscow news website. The Kremlin-supporting Life website reported that the cyberattack by the Killnet ...