DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ryuk gang estimated to have made more than $150 million from ransomware attacks
January 7, 2021
The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked ...
- Expanding Range and Improving Speed: A RansomExx Approach
January 6, 2021
RansomExx, a ransomware variant responsible for several high-profile attacks in 2020, has shown signs of further development and unhampered activity. The most recently reported development involves the use of newer variants adapted for Linux servers that effectively expanded its range to more than Windows servers. Own monitoring efforts found RansomExx compromising companies in the United States, ...
- CISA Update: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
January 6, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat ...
- JetBrains denies being involved in SolarWinds hack
January 6, 2021
Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies across the globe. The reports, citing government sources, said that US officials are looking at a ...
- Australian cybersecurity agency used as cover in malware campaign
January 5, 2021
The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware. Scammers coordinating these attacks are also actively attempting to convince potential victims to install remote administration and desktop sharing software with the end goal of stealing the targets’ banking information. “The Australian Cyber Security Centre (ACSC) warns ...
- Cyberattacks on Healthcare Spike 45% Since November
January 5, 2021
As COVID-19 ravages international healthcare systems, cybercriminals have decided to leverage the increasingly dire circumstances to squeeze a few bucks out of the human suffering. According to new findings from Check Point Software, healthcare organizations have seen a 45-percent increase in cyberattacks since November, which is more than double other industry sectors, which a average 22-percent ...