Original Article Text

Colt confirms customer data stolen as Warlock ransomware auctions files.

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files.

The British telecommunications and network services provider previously disclosed it suffered an attack on August 12, but this is the first time they confirmed data had been stolen.

"A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web," reads an updated security incident advisory on Colt's site.

"We understand that this is concerning for you."

"Customers are able to request a list of filenames posted on the dark web from the dedicated call centre."

This statement comes after the Warlock Group began selling on the Ramp cybercrime forum what they claim is 1 million documents stolen from Colt. The documents are being sold for $200,000 and allegedly contain financial information, network architecture data, and customer information.

BleepingComputer can confirm that the Tox ID listed in the forum post matches an ID used in earlier versions of the ransomware gang's ransom notes.

The Warlock Group (aka Storm-2603) is a ransomware gang attributed to Chinese threat actors who utilize the leaked LockBit Windows and Babuk VMware ESXi encryptors in attacks.

When the ransomware gang launched in March 2025, they used LockBit ransomware notes in their attacks, customized to include a Tox ID for ransom negotiations.

In June, the ransomware gang branded itself as the "Warlock Group," with customized ransom notes and dark web negotiation and data leak sites.

Last month, Microsoft reported that the threat actors were exploiting a SharePoint vulnerability to breach corporate networks and deploy ransomware.

In negotiations seen by BleepingComputer, the ransomware gang demands ransom ranging between $450,000 and millions of dollars.

Daily Brief Summary

CYBERCRIME // Colt Technology Services Confirms Data Theft by Warlock Ransomware

Colt Technology Services, a UK telecommunications firm, confirmed customer data was stolen by the Warlock ransomware group, which is auctioning the files on the dark web.

The August 12 attack, initially reported as a security incident, is now confirmed to have involved unauthorized access to sensitive customer information, including financial and network data.

The Warlock Group, linked to Chinese threat actors, demands $200,000 for approximately 1 million documents. The group uses leaked LockBit and Babuk encryptors in its attacks.

Colt has established a dedicated call center for customers to request lists of compromised filenames, aiming to manage the fallout and maintain transparency.

The ransomware group has previously exploited a SharePoint vulnerability, indicating a sophisticated approach to breaching corporate networks.

This incident underscores the ongoing threat of ransomware groups leveraging known vulnerabilities and selling stolen data on cybercrime forums.

Organizations are urged to enhance their cybersecurity measures, particularly in patch management and network monitoring, to mitigate such risks.