DeadLock Ransomware Uses Polygon Smart Contracts to Evade Detection

Cybersecurity experts warn that DeadLock’s novel use of Polygon smart contracts to mask command-and-control systems poses growing challenges for malware detection and response efforts.

Fact Check
The statement is overwhelmingly supported by all provided sources, with no conflicting evidence. The primary source is a highly authoritative (0.95) technical report from the cybersecurity firm Group-IB, which discovered and analyzed the DeadLock ransomware. This report directly confirms that DeadLock utilizes smart contracts on the Polygon network to store and rotate its command-and-control (C2) proxy addresses, explicitly identifying this as a novel technique to evade detection and takedown. This central finding is consistently corroborated by multiple independent and reputable secondary sources, including specialized cybersecurity magazines and crypto-focused news outlets. These sources all report on the Group-IB findings, confirming that the use of Polygon smart contracts is a key mechanism for the ransomware's operational resilience and evasion strategy. The consistency and high authority of the sources provide a strong foundation for the statement's truthfulness.

Summary

Security researchers have disclosed that the low-profile DeadLock ransomware group is exploiting Polygon smart contracts to hide and rotate its command-and-control infrastructure. First identified in July 2025, this method stores C2 data on-chain, making takedowns more difficult by decentralizing proxy server management. While current exposure is limited, the unusual tactic illustrates evolving ransomware capabilities and raises concerns about blockchain-based threats.
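
For defenders, the on-chain lookup described above implies that an infected host has to read contract data from a blockchain node. The following is an added example, not code from Group-IB or the original article: it flags JSON-RPC contract reads in egress proxy records when the requesting process is not on an allow-list. The record fields, the allow-list, the hostnames and the contract address are assumptions constructed for illustration.

```python
import json

# Read-only JSON-RPC methods a client uses to fetch data held by a contract.
READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getLogs"}
# Assumption: the only processes expected to query blockchain nodes here.
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}

def parse_calls(body):
    """Yield (method, contract) for each JSON-RPC call in a request body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return  # empty or non-JSON body
    for call in doc if isinstance(doc, list) else [doc]:  # batch or single
        if not isinstance(call, dict) or not isinstance(call.get("method"), str):
            continue
        params = call.get("params") or []
        first = params[0] if isinstance(params, list) and params else None
        if isinstance(first, dict):  # eth_call uses "to", eth_getLogs "address"
            first = first.get("to") or first.get("address")
        yield call["method"], first if isinstance(first, str) else None

def find_onchain_lookups(records):
    """Flag contract reads issued by processes outside the allow-list."""
    alerts = []
    for rec in records:
        hits = [c for c in parse_calls(rec.get("body")) if c[0] in READ_METHODS]
        if hits and rec.get("process", "").lower() not in ALLOWED_PROCESSES:
            alerts.append({"host": rec["host"], "process": rec["process"],
                           "dest": rec["dest"], "calls": hits})
    return alerts

# Constructed sample data: every host, process, destination and address is made up.
ADDR = "0x" + "ab" * 20  # placeholder contract address
def rpc(method, params):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
READ = rpc("eth_call", [{"to": ADDR, "data": "0x"}, "latest"])
BATCH = "[%s,%s]" % (rpc("eth_blockNumber", []), rpc("eth_getStorageAt", [ADDR, "0x0", "latest"]))
SAMPLE_RECORDS = [
    {"host": "ws-014", "process": "chrome.exe", "dest": "rpc.polygon.example", "body": READ},
    {"host": "ws-022", "process": "updater.exe", "dest": "rpc.polygon.example", "body": READ},
    {"host": "ws-022", "process": "updater.exe", "dest": "api.vendor.example",
     "body": '{"action": "check_update"}'},
    {"host": "srv-003", "process": "backup.exe", "dest": "node.example", "body": BATCH},
]

if __name__ == "__main__":
    for alert in find_onchain_lookups(SAMPLE_RECORDS):
        print(alert)
```

Matching on the request body rather than the destination keeps the check independent of which RPC provider is used; the contract address in each alert gives responders a value to pivot on across other hosts.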

Terms & Concepts
  • Smart Contract: Self-executing code on a blockchain that automatically enforces agreements without intermediaries.
  • Polygon: A blockchain network designed to scale Ethereum, enabling faster and cheaper transactions.