Cybersecurity firm Group-IB has identified a new ransomware named DeadLock that leverages Polygon smart contracts to avoid detection. Unlike traditional ransomware, DeadLock does not rely on hardcoded command and control (C2) servers. Instead, it queries smart contracts on the Polygon network to obtain proxy server addresses, enabling dynamic infrastructure rotation. This method of using blockchain to store configuration data renders conventional domain or IP blocking ineffective. Discovered in July 2025, DeadLock also employs encrypted communication software Session for ransom negotiations, threatening to sell stolen data if the ransom is not paid.
DeadLock Ransomware Utilizes Polygon Smart Contracts to Evade Detection
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.