According to Decrypt, cybersecurity firm Group-IB has discovered a ransomware program called DeadLock that uses Polygon smart contracts to evade detection. Instead of relying on hard-coded command and control (C2) servers, this ransomware obtains proxy server addresses by querying smart contracts on Polygon, enabling dynamic infrastructure rotation. This technology, which uses blockchain to store configuration information, renders traditional domain name or IP blocking methods ineffective. DeadLock was first discovered in July 2025. It also uses the encrypted communication software Session for ransom negotiations and threatens to sell stolen data if a ransom is not paid.