Cybersecurity researchers have uncovered a significant and concerning evolution in the operational tactics of the DeadLock ransomware group. DeadLock is now actively leveraging publicly deployed smart contracts on the Polygon blockchain network to obscure its Command and Control (C2) infrastructure and facilitate key exchange with victims. This technique bypasses traditional network defense measures and establishes a highly resilient, decentralized backbone for their illicit activities.
Rather than relying on vulnerable, locatable HTTP or DNS C2 channels, DeadLock encodes vital operational data directly into the metadata fields of Polygon transactions or exploits specific storage variables within compromised or custom-made smart contracts. This data includes unique victim identifiers, temporary session keys, and instructions for payment verification. Because the data is recorded on an immutable public ledger, it provides a persistent, censorship-resistant communication channel that is nearly impossible to disrupt.
The adoption of decentralized ledger technology (DLT) grants DeadLock two key operational benefits: unparalleled resilience and evasion. Traditional C2 servers can be identified, geo-located, and eventually seized or taken offline by law enforcement. Conversely, blocking access to a major public blockchain like Polygon is impractical and ineffective. The decentralized nature ensures near-perfect uptime for the essential key exchange mechanism required for successful extortion, rendering traditional takedown efforts obsolete.
This sophisticated tactic underscores a growing trend among advanced cybercrime syndicates to utilize the robust properties of blockchain technology for infrastructure security. Defenders must now move beyond conventional network traffic analysis and integrate specialized blockchain monitoring and transaction forensics into their threat intelligence frameworks to counter this new wave of highly resilient ransomware operations.
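One starting point for the blockchain monitoring described above, as an added example that is not from the original report: flag Ethereum-style JSON-RPC state reads (`eth_call`, `eth_getStorageAt`, `eth_getTransactionByHash`, which Polygon nodes also serve) issued by processes outside an allowlist. The log schema, host and process names, and contract address are constructed, and the approach assumes a proxy or endpoint sensor that records request bodies.

```python
import json

# Standard Ethereum JSON-RPC read methods; Polygon is EVM-compatible and serves the same API.
READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getTransactionByHash"}
ADDR = "0x" + "11" * 20  # constructed placeholder contract address

def _rec(host, process, body):
    # Assumed log schema: one JSON object per line, captured request body kept as a string.
    return json.dumps({"host": host, "process": process, "body": body})

def _rpc(method, params):
    return {"jsonrpc": "2.0", "id": 1, "method": method, "params": params}

# Constructed sample records (hosts and process names are made up).
SAMPLE_LOG = [
    _rec("ws-014", "chrome.exe", json.dumps(_rpc("eth_call", [{"to": ADDR, "data": "0x"}, "latest"]))),
    _rec("srv-db2", "svchost.exe", json.dumps(_rpc("eth_getStorageAt", [ADDR, "0x0", "latest"]))),
    _rec("srv-db2", "svchost.exe", json.dumps([_rpc("eth_chainId", []),
                                               _rpc("eth_call", [{"to": ADDR, "data": "0x"}, "latest"])])),
    _rec("ws-020", "updater.exe", "not json at all"),
    _rec("ws-021", "updater.exe", json.dumps(_rpc("eth_blockNumber", []))),
]

def target_of(method, params):
    """Contract address (or transaction hash) the read points at, if it can be extracted."""
    if not isinstance(params, list) or not params:
        return None
    first = params[0]
    if method == "eth_call":
        return first.get("to") if isinstance(first, dict) else None
    return first if isinstance(first, str) else None

def flag_rpc_reads(lines, allowed_processes):
    """Return (host, process, method, target) for state reads by non-allowlisted processes."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
            body = json.loads(rec["body"])
        except (ValueError, KeyError, TypeError):
            continue  # unparseable record, or a body that is not JSON
        if str(rec.get("process", "")).lower() in allowed_processes:
            continue  # e.g. browsers running wallet extensions
        for call in body if isinstance(body, list) else [body]:  # batch requests are arrays
            m = call.get("method") if isinstance(call, dict) else None
            if isinstance(m, str) and m in READ_METHODS:
                findings.append((rec.get("host"), rec.get("process"), m, target_of(m, call.get("params"))))
    return findings
```

Grouping the findings by `target` shows which contract addresses a host keeps reading, which can then be pivoted on in a block explorer.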
Source: DeadLock ransomware hides using exploited Polygon smart contracts


