Colt Responds to a Major Cyberattack
Colt Technology Services recently detected a cyberattack that disrupted its internal systems. Platforms like Colt Online and Voice API went offline. At first, the company described the disruption as technical, but later admitted it was caused by attackers. Colt decided to isolate affected systems immediately. Recovery continues while the customer network remains fully operational. This quick action limited further exposure and gave the security team control.
WarLock Advertises Stolen Data for Sale
The WarLock ransomware group, using the alias “cnkjasdfgd”, claimed responsibility. According to their statement, they extracted one million sensitive documents. The stolen files reportedly contain employee salaries, executive details, internal emails, and customer information. WarLock now demands $200,000 for the full dataset and has posted samples online. Colt continues its investigation and has not yet confirmed the exact scope of the theft. Despite this, the group insists that the stolen data is authentic and extensive.
Attack Linked to SharePoint Zero-Day
Security experts connected the breach to a zero-day flaw in Microsoft SharePoint. The exploit, part of an attack chain known as “ToolShell,” allowed criminals to run code remotely. Through this access, the group uploaded malicious files, obtained cryptographic keys, and maintained persistence inside the network. Microsoft released emergency patches in July 2025 for all supported SharePoint server editions. SharePoint Online, however, was not affected.
The flaw enabled large-scale data theft, and analysts believe hundreds of gigabytes were extracted. Because of this risk, organizations are urged to apply security updates immediately. In addition, experts recommend enabling the Antimalware Scan Interface (AMSI), rotating machine keys, and monitoring logs for suspicious activity. Acting quickly can prevent similar attacks and minimize potential losses.
Key Takeaway for Eye World Readers
The Colt incident demonstrates how quickly a zero-day can escalate into a large breach. WarLock is already monetizing stolen data, which shows the financial motives behind these attacks. Businesses must treat patch management as a priority. Combining timely updates with layered defenses, proactive monitoring, and staff awareness reduces the chance of becoming the next victim.