The DeadLock ransomware utilizes Polygon blockchain smart contracts to dynamically rotate and distribute proxy server addresses, making it harder for security systems to detect. First discovered in July 2025, this malware embeds JavaScript in HTML files to interact with the Polygon network and retrieve attacker-controlled servers through RPC gateways. Recent variants also incorporate encrypted communication via the Session app, enhancing covert interactions with victims.