Ransomware DeadLock is exploiting Polygon smart contracts to rotate proxy addresses to conceal its whereabouts

According to Cointelegraph, researchers from the cybersecurity company Group-IB have discovered a ransomware called "DeadLock" that is using Polygon smart contracts to hide itself and rotate proxy addresses.

This ransomware was first identified in July last year, and it dynamically updates the command and control infrastructure addresses used to communicate with victims by invoking specific smart contracts. Once a victim is infected and data is encrypted, DeadLock issues a ransom note threatening to sell the stolen data if demands are not met.

Researchers pointed out that storing proxy addresses on-chain makes its infrastructure extremely difficult to dismantle, as there is no central server that can be shut down, and blockchain data is permanently retained across global nodes. This method of abusing smart contracts to relay proxy addresses is highly variable. Although DeadLock currently has low exposure and a limited number of known victims, its novel attack techniques still pose a potential threat to organizations that do not take it seriously.