Yes, DeadLock ransomware does exploit blockchain technology, but not in the sense of attacking the blockchain itself. Instead, it abuses public blockchain features to make its command-and-control (C2) infrastructure harder to detect and block. (Source: SC Media)
🧠 How DeadLock Uses Blockchain
1. Smart contracts for proxy address storage
DeadLock stores proxy server addresses in smart contracts on the Polygon blockchain (a public Layer-2 network). These addresses help victims’ infected machines connect back to the attacker’s infrastructure. Because the proxy info lives on a decentralized blockchain, defenders can’t easily take down or block these addresses the way they would with traditional hard-coded C2 domains or IPs. (Source: SC Media)
2. Dynamic, resilient infrastructure
Instead of hard-coding IPs or URLs, DeadLock queries the smart contract to fetch the latest proxy servers. This lets the operators rotate infrastructure continually without updating the malware itself, a novel use of blockchain in malware campaigns. (Source: Phemex)
3. Evading detection and takedown
Because the address data is stored on a decentralized network and can be queried with read-only blockchain calls, conventional blocking (e.g., DNS/IP blocklists) can’t easily keep up. This technique mirrors other recent blockchain abuse campaigns where decentralized networks are used as covert channels. (Source: Decrypt)
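A defender-side sketch of hunting for the read-only lookups described above, added here as an example and not taken from any of the cited reports: it scans web-proxy records for `eth_call` JSON-RPC requests sent to watched Polygon RPC hosts by machines that have no business reason to make them. It assumes a proxy that logs decrypted POST bodies as JSON lines; the field names, hostnames, host labels and contract placeholder are all constructed.

```python
import json
from collections import defaultdict

# Assumptions (placeholders, not from the article): set these for your environment.
RPC_WATCHLIST = {"polygon-rpc.example"}   # Polygon JSON-RPC hosts to watch
ALLOWED_SOURCES = {"dev-ws-07"}           # hosts expected to use blockchain RPC

def contract_reads(body):
    """Return the contract addresses targeted by eth_call in a JSON-RPC body."""
    try:
        msg = json.loads(body)
    except (TypeError, ValueError):
        return []                         # body missing or not JSON
    calls = msg if isinstance(msg, list) else [msg]   # batch requests are arrays
    targets = []
    for call in calls:
        if not isinstance(call, dict) or call.get("method") != "eth_call":
            continue
        params = call.get("params")
        if isinstance(params, list) and params and isinstance(params[0], dict):
            targets.append(str(params[0].get("to", "")).lower())
    return targets

def find_suspect_hosts(log_lines):
    """Map each non-allowlisted source host to the contracts it read."""
    hits = defaultdict(set)
    for line in log_lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue                      # skip malformed log lines
        if not isinstance(rec, dict) or rec.get("host") not in RPC_WATCHLIST:
            continue
        src = rec.get("src", "unknown")
        if src not in ALLOWED_SOURCES:
            for target in contract_reads(rec.get("body")):
                hits[src].add(target)
    return dict(hits)

def _line(src, host, rpc):                # builds one constructed proxy-log line
    return json.dumps({"src": src, "host": host, "body": json.dumps(rpc)})
CALL = {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
        "params": [{"to": "0xPLACEHOLDER_CONTRACT", "data": "0x"}, "latest"]}
SAMPLE_LOG = [                            # constructed records, not real telemetry
    _line("fin-lt-22", "polygon-rpc.example", [CALL, {"method": "eth_chainId"}]),
    _line("dev-ws-07", "polygon-rpc.example", CALL),      # allowlisted host
    _line("hr-pc-03", "intranet.example", CALL),          # not an RPC host
    "not json at all",
]
```

Calling `find_suspect_hosts(SAMPLE_LOG)` returns only the finance laptop and the contract it read. On real telemetry, that output is a starting point for triage of the endpoint, not a verdict.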
📌 What Blockchain Means for This Ransomware
Blockchain is used as an evasion layer, not the payload or encryption mechanism itself. (Source: SC Media)
DeadLock still encrypts victims’ files and demands ransom in typical fashion. (Source: Decrypt)
The innovation lies in how the malware retrieves its infrastructure details: via smart contracts. (Source: Infosecurity Magazine)
📊 Why This Matters
Using blockchain in this way signals a shift in threat actor tactics. Public blockchains provide a censorship-resistant platform that attackers can repurpose for resilient command infrastructure, making detection and disruption harder for defenders. (Source: SC Media)
#DeadLock #Ransomware #BlockchainAbuse #CyberSecurity #Malware