DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian underground forums launch competitions for cryptocurrency, NFT hacks
June 2, 2021
Cybercriminals in underground forums have been soliciting techniques for compromising cryptocurrency services. Capture the Flag competitions, conference calls for papers, and gamification in cybersecurity courses designed to equip learners with hands-on skills are all common in the white hat realm, but in opposition, contests are also being launched by cybercriminals to create new offensive techniques. Read more… Source: ...
- This is how attackers bypass Microsoft’s AMSI anti-malware scanning protection
June 2, 2021
In an investigation into techniques used to either avoid or disable AMSI, Sophos researchers said on Wednesday that threat actors will try everything from living-off-the-land tactics to fileless attacks. Perhaps the opportunities AMSI bypass represents were highlighted in a tweet by security expert Matt Graeber in 2016, in which Sophos says a single line of code ...
- Australian Cyber Security Centre using classified capabilities to warn local entities of impending ransomware hit
June 2, 2021
While the Australian Cyber Security Centre (ACSC) is engaged in helping a local organisation remove and recover from a ransomware hit or cyber attack, its overseer, the Australian Signals Directorate (ASD) is able to use its more secretive powers to find out if any other organisations are on the attackers hit list. Speaking about the attack ...
- IT threat evolution Q1 2021
May 31, 2021
In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom backdoor, named Sunburst, on the networks of more than 18,000 SolarWinds customers, including ...
- U.S. Critical Infrastructure: Addressing Cyber Threats and the Importance of Prevention
May 31, 2021
The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security ...
- Swedish Health Agency shuts down SmiNet after hacking attempts
May 31, 2021
The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country’s infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening. Read ...