DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Business technology giant Konica Minolta hit by new ransomware
August 16, 2020
Business technology giant Konica Minolta was hit with a ransomware attack at the end of July that impacted services for almost a week, BleepingComputer has learned. Konica Minolta is a Japanese multinational business technology giant with almost 44,000 employees and over $9 billion in revenue for 2019. Read more… Source: Bleeping Computer
- Canada suffers cyberattack used to steal COVID-19 relief payments
August 16, 2020
Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is acritical single sign-on (SSO) system used by the public to access multiple Canadian government services. Read more… Source: Bleeping Computer
- Online crime in Africa a bigger threat than ever before, INTERPOL report warns
August 14, 2020
Despite lower online connectivity, organized crime groups are using online tools for a range of illicit activities A new INTERPOL report on online organized crime in Africa shows how digitalization is transforming almost every major crime area across the continent. “Online crime now represents a bigger security issue for law enforcement in Africa than ever before,” reads ...
- Patch List: Adobe, Citrix, Intel, and vBulletin Vulns
August 14, 2020
Vulnerabilities expose enterprises’ systems to compromise. Now that many employees are working from home and operating devices outside the more secure office environments, the need to patch vulnerabilities as soon as they are discovered has become even more pressing. Aside from Microsoft, the following vendors also released patches recently: Adobe, Citrix, Intel, and vBulletin. We rounded ...
- FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
August 13, 2020
The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers. The two agencies say Russian hackers used the malware, named Drovorub, was to plant backdoors inside hacked networks. Based on evidence ...
- XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
August 13, 2020
Trend Micro has discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies ...