{"id":867077,"date":"2025-08-22T21:11:49","date_gmt":"2025-08-23T02:11:49","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/08\/22\/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files\/"},"modified":"2025-08-22T21:11:49","modified_gmt":"2025-08-23T02:11:49","slug":"colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/08\/22\/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files\/","title":{"rendered":"Colt confirms customer data stolen as Warlock ransomware auctions files"},"content":{"rendered":"
\n

\"Hand<\/p>\n

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files.<\/p>\n

The British telecommunications and network services provider previously disclosed it suffered an attack on August 12, but this is the first time they confirmed data had been stolen.<\/p>\n

“A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web,” reads an updated\u00a0security incident advisory<\/a> on Colt’s site.<\/p>\n

“We understand that this is concerning for you.”<\/p>\n

“Customers are able to request a list of filenames posted on the dark web from the dedicated call centre.”<\/p>\n

As first spotted by cybersecurity expert Kevin Beaumont<\/a>, Colt added the no-index HTML meta tag to the web page, making it so it won’t be indexed by search engines.<\/p>\n

This statement comes after the Warlock Group began selling on the Ramp cybercrime forum what they claim is 1 million documents stolen from Colt. The documents are being sold for $200,000 and allegedly contain financial information, network architecture data, and customer information.<\/p>\n

\n
\"Threat
Threat actor’s post on a Ramp hacker forum<\/strong>
Source:\u00a0KELA<\/a><\/em><\/figcaption><\/figure>\n<\/div>\n

BleepingComputer can confirm that the Tox ID listed in the forum post matches an ID used in earlier versions of the ransomware gang’s ransom notes.<\/p>\n

The Warlock Group (aka Storm-2603) is a ransomware gang attributed to Chinese threat actors who utilize\u00a0the leaked LockBit Windows\u00a0and Babuk VMware ESXi encryptors in attacks.<\/p>\n

When the ransomware gang launched in March 2025, they used LockBit ransomware notes in their attacks, customized to include a Tox ID for ransom negotiations.<\/p>\n

In June, the ransomware gang branded itself as the “Warlock Group,” with customized ransom notes and dark web negotiation and data leak sites.<\/p>\n

Last month, Microsoft reported that the threat actors were exploiting a SharePoint vulnerability<\/a> to breach corporate networks and deploy ransomware.<\/p>\n

In negotiations\u00a0seen by BleepingComputer, the ransomware gang demands ransom ranging between $450,000 and millions of dollars.<\/p>\n

\n


\n \"Picus
\n <\/a>\n <\/p>\n<\/div><\/div>\n

Read More<\/a>
\n Lawrence Abrams<\/p>\n","protected":false},"excerpt":{"rendered":"

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. The British telecommunications and network services provider previously disclosed it suffered an attack on August 12, but this is the first time they confirmed data had been stolen. “A criminal group has accessed certain files from our<\/p>\n","protected":false},"author":1,"featured_media":867078,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2548,21,46],"tags":[],"class_list":{"0":"post-867077","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-confirms","8":"category-customer","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/867077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=867077"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/867077\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/867078"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=867077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=867077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=867077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}