DeadLock ransomware uses Polygon smart contracts to rotate proxy addresses.
TL;DR
DeadLock ransomware uses Polygon smart contracts to hide and rotate proxy addresses, making its infrastructure hard to compromise by eliminating central servers and leveraging permanent blockchain storage.
According to Foresight News, citing Cointelegraph, researchers at security firm Group-IB have discovered that a ransomware strain called DeadLock is using Polygon smart contracts to hide itself and rotate proxy addresses. First discovered last July, the ransomware calls specific smart contracts to dynamically update the addresses of the command-and-control infrastructure it uses to communicate with victims. Once a victim is infected and their data is encrypted, DeadLock sends a ransom note threatening to sell the stolen data if its demands are not met. The researchers point out that storing proxy addresses on-chain makes the infrastructure extremely difficult to compromise, because there is no central server that can be shut down and blockchain data is permanently stored on nodes worldwide. This method of abusing smart contracts to transmit proxy addresses is highly variable.
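Because there is no central server to take down, the place left to look is the defender's own egress. The sketch below is an added example, not code from Group-IB or the article: it flags internal hosts that read smart contracts (the JSON-RPC `eth_call` method) through a Polygon RPC gateway without being on an allowlist. It assumes TLS-inspecting proxy logs that keep request bodies; the log format, hostname, IP addresses and contract addresses are constructed placeholders.

```python
import json
from collections import defaultdict

# Assumption: Polygon JSON-RPC gateway hostnames, maintained by the defender.
RPC_HOSTS = {"rpc.polygon.example"}
# Assumption: internal hosts with a legitimate reason to query the chain.
ALLOWED_SOURCES = {"10.0.9.5"}
ADDR_A, ADDR_B = "0x" + "ab" * 20, "0x" + "cd" * 20  # constructed addresses

def _rec(src, body):
    """Build one constructed proxy record: source IP, host, request body."""
    return json.dumps({"src": src, "host": "rpc.polygon.example",
                       "body": json.dumps(body)})

def _call(to):
    """Build a constructed eth_call request that reads contract `to`."""
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": to, "data": "0x12345678"}, "latest"]}

# Constructed proxy records (not real telemetry), one JSON object per line.
SAMPLE_LOG = [
    _rec("10.0.4.17", _call(ADDR_A)),
    _rec("10.0.9.5", _call(ADDR_A)),                       # allowlisted source
    _rec("10.0.4.22", {"jsonrpc": "2.0", "id": 1, "method": "eth_blockNumber"}),
    _rec("10.0.4.17", [_call(ADDR_B)]),                    # JSON-RPC batch form
    "truncated {",                                         # malformed line
]

def contract_reads(body):
    """Yield contract addresses targeted by eth_call in a JSON-RPC request body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return
    for req in doc if isinstance(doc, list) else [doc]:
        if not isinstance(req, dict) or req.get("method") != "eth_call":
            continue
        params = req.get("params")
        call = params[0] if isinstance(params, list) and params else None
        if isinstance(call, dict) and isinstance(call.get("to"), str):
            yield call["to"].lower()

def suspicious_readers(lines):
    """Map each non-allowlisted source to the contracts it read via an RPC host."""
    hits = defaultdict(set)
    for line in lines:
        try:
            rec = json.loads(line)
            if rec["host"] in RPC_HOSTS and rec["src"] not in ALLOWED_SOURCES:
                hits[rec["src"]].update(contract_reads(rec["body"]))
        except (ValueError, TypeError, KeyError):
            continue  # malformed or incomplete record
    return {src: addrs for src, addrs in hits.items() if addrs}
```

A workstation that has never run wallet or Web3 software and suddenly reads the same contract address repeatedly is the pattern worth triaging; the contract addresses returned give responders something to pivot on across other hosts.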