DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New Android malware bypasses multi-factor authentication to steal your passwords
June 16, 2022
A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users. In addition to remotely ...
- A hacker group said it has broken into the Israeli electricity network
June 16, 2022
A hacker group identifying itself as the “Moses Staff” said it has broken into the Israeli electricity network, vowing to plunge the regime into darkness. The group said on Wednesday it had targeted the Israel Electric Corporation, the largest supplier of electrical power in the occupied territories, as well as Dorad Energy Ltd., which serves customers ...
- 730K WordPress sites force-updated to patch critical plugin bug
June 16, 2022
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. Wordfence threat ...
- Extortion gang ransoms Shoprite, largest supermarket chain in Africa
June 15, 2022
Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, ...
- Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams
June 15, 2022
LYON, France — A worldwide crackdown on social engineering fraud has seen scammers identified globally, substantial criminal assets seized and new investigative leads triggered in every continent. The two-month (8 March – 8 May 2022) Operation, codenamed First Light 2022, saw 76 countries take part in an international clampdown on the organized crime groups behind telecommunications ...
- Malaysia-linked DragonForce hacktivists attack Indian targets
June 15, 2022
A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad. The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May ...