DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
February 8, 2022
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management. Impacted organizations could experience: theft of sensitive data, financial ...
- FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public
February 8, 2022
The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...
- Roaming Mantis reaches Europe
February 7, 2022
Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. Kaspersky researchers have been tracking Roaming Mantis since 2018, and they observed some new activities by Roaming Mantis in 2021, and some changes in the Android Trojan Wroba.g (or Wroba.o, a.k.a Moqhao, XLoader) that’s mainly used in this campaign. ...
- Medusa Malware Joins Flubot’s Android Distribution Network
February 7, 2022
Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa. That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns. The Flubot malware (aka Cabassous) is delivered to targets ...
- Ransomware groups are shifting towards smaller targets, but ones where they can still guarantee a significant payday
February 7, 2022
The cost and risk of executing ransomware attacks is going up, making it harder for cyber criminals to carry them out, which could lead to a decline in the number of overall ransomware attacks. But that could mean some ransomware victims end up paying a heavier price. Ransomware is still running rampant, with several major incidents ...
- Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs
February 5, 2022
Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people. In a press release, the company said the ransomware attack began on August 1 and made their ...