DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- JBS USA cyber attack affecting North American and Australian systems
May 31, 2021
United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems. “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it ...
- New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
May 29, 2021
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility. Read more… Source: Bleeping Computer
- DarkSide on Linux: Virtual Machines Targeted
May 28, 2021
As we discussed in our previous blog, the DarkSide ransomware is targeting organizations in manufacturing, finance, and critical infrastructures in regions such as the United States, France, Belgium, and Canada. The DarkSide ransomware targets both Windows and Linux platforms. We also noticed that the Linux variant, in particular, targets ESXI servers. In this blog, we focus ...
- Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency
May 28, 2021
Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds’ Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday. Burt’s post says the attacks saw Nobelium gain access to accounts on the email marketing service “Constant Contact” operated by The United States Agency for International Development ...
- Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
May 27, 2021
Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...
- Threats From a Compromised 4G/5G Campus Network
May 27, 2021
Over the past two decades, industrial sectors and everyday users have reaped the benefits of advancements in telecom technologies. At present, the catalyst and basis for future changes is 5G. A sign of this continuing development and influence for some industries is their investment in non-public networks (NPN), also commonly referred to as campus networks. The ...