DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fairfax County schools hit by Maze ransomware, student data leaked
September 12, 2020
Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening. The school district is also the largest in the Baltimore-Washington Metropolitan Area and it has a budget of $3.1 billion approved for 2021. FCPS has over 188,000 current students and ...
- Palo Alto Networks fixes critical flaw in PAN-OS firewall software
September 11, 2020
Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system affecting its next-generation firewalls. The issue received the identification number CVE-2020-2040 and has a severity score of 9.8 out of 10 and requires no user interaction. An unauthenticated attacker can exploit it by sending a malicious request to specific ...
- APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
September 11, 2020
The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting. Microsoft researchers have tied APT28 (a.k.a. Strontium, Sofacy or Fancy Bear) to this newly uncovered pattern of O365 activity, which began in April and is ongoing. The attacks have been aimed mainly at U.S. and U.K. organizations ...
- Microsoft confirms Chinese, Iranian, and Russian cyber-attacks on Biden and Trump campaigns
September 10, 2020
Microsoft said today that Chinese, Iranian, and Russian state-sponsored hackers had tried to breach email accounts belonging to people associated with the Biden and Trump election campaigns. The “majority of these attacks” were detected and blocked, according to Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft. Burt disclosed the incidents in a blog ...
- An overview of targeted attacks and APTs on Linux
September 10, 2020
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux is a secure-by-default operating system that isn’t susceptible to malicious code. It’s certainly true that ...
- Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days
September 9, 2020
There’s been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers. Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt ...