DeadLock ransomware hides using exploited Polygon smart contracts

Group-IB found a ransomware dubbed DeadLock that is exploiting Polygon smart contracts to rotate proxy addresses to evade takedowns.

A recently-discovered ransomware dubbed “DeadLock” is stealthily exploiting Polygon smart contracts to rotate and distribute proxy addresses, say researchers at cybersecurity firm Group-IB.

The company reported on Thursday that the DeadLock ransomware, first discovered in July, has seen “low exposure” as it isn’t tied to any known data leak site or affiliate programs and has a “limited number of reported victims.”

However, Group-IB warned that even though the ransomware is “low profile,” it uses “innovative methods” that could be dangerous to organizations that don’t take the malware seriously, “especially since the abuse of this specific blockchain for malicious purposes has not been widely reported.”

Read more