BusinessPostCorner.com
No Result
View All Result
Friday, July 17, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

DeadLock Ransomware Abuses Polygon Smart Contracts

January 15, 2026
in Crypto News
Reading Time: 5 mins read
A A
0
DeadLock Ransomware Abuses Polygon Smart Contracts
ShareShareShareShareShare

Journalist

Hassan Shittu

Journalist

Hassan ShittuVerified

Part of the Team Since

Jun 2023

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Share

Last updated: 

January 15, 2026

DeadLock Ransomware Abuses Polygon Smart Contracts

Cybersecurity researchers are becoming interested in a newly discovered ransomware strain called DeadLock that abuses Polygon smart contracts to silently service its infrastructure and bypass conventional detection tools, as a recent report by threat intelligence firm Group-IB depicts.

DeadLock, first observed in July 2025, has so far remained largely under the radar because it does not have a publicly facing affiliate program, it does not have a data leak site, and its victims have been connected to comparatively few confirmed victims.

🚨 DeadLock Ransomware: When Blockchain Meets Cybercrime

Group-IB has uncovered a sophisticated new threat rewriting the ransomware playbook. DeadLock leverages Polygon smart contracts to rotate proxy addresses, a stealthy, under-reported technique that bypasses traditional… pic.twitter.com/rlPu9gZd5F

— Group-IB Global (@GroupIB) January 15, 2026

That profile, however, covers a more technologically sophisticated strategy that researchers believe is showing a more global change in the way cybercriminals are using public blockchains for criminal ends.

How DeadLock Hides Ransomware Infrastructure Inside Polygon Smart Contracts

Group-IB’s analysis shows that DeadLock uses smart contracts deployed on the Polygon network to store and rotate proxy server addresses.

These proxies act as intermediaries between infected systems and the ransomware operators, allowing command-and-control traffic to shift endpoints without relying on centralized infrastructure that can be seized or blocked.

By querying the smart contract, the malware retrieves the current proxy address through a simple read operation that leaves no obvious transactional footprint and incurs no network cost.

Researchers said this technique mirrors earlier campaigns, such as EtherHiding, disclosed last year, in which North Korean threat actors used the Ethereum blockchain to conceal and distribute malware payloads.

In both cases, public and decentralized ledgers were turned into resilient communication channels that are difficult for defenders to disrupt. DeadLock’s use of Polygon extends that concept by embedding proxy management directly into a smart contract, allowing attackers to update infrastructure on demand.

Source: Group-IB

Once deployed, DeadLock encrypts files and appends a “.dlock” extension, alters system icons, and replaces the victim’s wallpaper with ransom instructions.

Over time, the group’s ransom notes have evolved, with early samples referencing only file encryption, while later versions explicitly stated that sensitive data had been stolen and threatened its sale if payment was not made.

The most recent ransom notes also promise “added services,” including a breakdown of how the network was breached and assurances that the victim will not be targeted again.

This Ransomware Doesn’t Just Lock Files — It Opens a Chat With Hackers

Group-IB identified at least three distinct DeadLock samples from mid-2025, each showing incremental changes in tactics.

Analysis of associated PowerShell scripts suggests the malware aggressively disables non-essential services, deletes volume shadow copies to prevent recovery, and whitelists a limited set of processes, notably including AnyDesk

Investigators believe AnyDesk is used as the primary remote access tool during attacks, a finding consistent with separate digital forensics investigations.

A key element of DeadLock’s operation is an HTML file dropped on infected systems that embeds an encrypted session messenger interface. Victims can communicate directly with attackers through this file without installing additional software.

Source: Group-IB

The embedded JavaScript retrieves proxy addresses from the Polygon smart contract, then routes encrypted messages through those servers to a session ID controlled by the ransomware operators.

Transaction analysis shows that the same wallet created multiple identical smart contracts and repeatedly updated proxy addresses by calling a function labeled “setProxy.”

The wallet was funded through an exchange-linked address shortly before the contracts were deployed, indicating deliberate preparation.

Historical tracking of these transactions allows defenders to reconstruct past proxy infrastructure, although the decentralized design complicates rapid takedown efforts.

The finding is part of an overall increase in crypto-related cybercrime, as over $3.4 billion was stolen by hacks and exploits as of early December 2025, with state-linked North Korean groups accounting for over $2 billion of that total.



Credit: Source link

ShareTweetSendPinShare
Previous Post

Venezuela’s opposition leader says she gave her Nobel Peace Prize to Trump

Next Post

The future of dual ETF share classes after SEC approvals

Next Post
The future of dual ETF share classes after SEC approvals

The future of dual ETF share classes after SEC approvals

Behind the multiple in accounting firms

Behind the multiple in accounting firms

July 14, 2026
CRM data migration: A practical process overview

CRM data migration: A practical process overview

July 16, 2026
Risks and Rewards of AI Leadership Development at Scale

Risks and Rewards of AI Leadership Development at Scale

July 10, 2026
Epstein survivors say Todd Blanche ignored them. Now one Republican senator is making him listen

Epstein survivors say Todd Blanche ignored them. Now one Republican senator is making him listen

July 16, 2026
In the blogs: Hoisting the FIFA trophy

In the blogs: Hoisting the FIFA trophy

July 15, 2026
Crypto News, July 12: Stablecoin Market Cap Drops Amid Memecoin Rotation as CLARITY Act Advances, Bitcoin and Ethereum Price Hold Firm

Crypto News, July 12: Stablecoin Market Cap Drops Amid Memecoin Rotation as CLARITY Act Advances, Bitcoin and Ethereum Price Hold Firm

July 13, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Tax Fraud Blotter: Win some, lose some

Tax Fraud Blotter: Win some, lose some

July 17, 2026
Moonshot’s Kimi K3 pushes Chinese AI into Fable-level territory

Moonshot’s Kimi K3 pushes Chinese AI into Fable-level territory

July 17, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!