Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale

Colt Technology Services, a multinational telecommunications company with operations across Europe, Asia, and North America, has confirmed a devastating data breach by the WarLock ransomware group. The breach, which occurred on August 12, resulted in multi-day outages for various services, including hosting, porting, Colt Online, and Voice API services. In a significant escalation, the threat actors involved have put stolen data up for sale on the Ramp cybercrime forum.

A History of Excellence

Colt Technology Services Group Limited, officially known as Colt, was founded in 1992 as City Of London Telecommunications. The company has since expanded its operations across multiple continents, establishing itself as a leading provider of high-performance connectivity and communication solutions for businesses. With a focus on delivering scalable, secure, and reliable network infrastructure, Colt's services include data, voice, cloud, and managed IT services.

A Breach of Trust

The breach, reportedly caused by WarLock ransomware, has left Colt facing significant disruptions to its operations. The company initially described the issue as a "technical problem" but later confirmed it was a cyberattack. In response, Colt shut down systems to mitigate the threat and notified authorities. However, the exact nature of the attack remains unclear, with some speculating that the company may be attempting to cover up the incident.

Theories Abound

Security expert Kevin Beaumont believes that WarLock likely breached Colt's sharehelp.colt.net system via a Microsoft SharePoint flaw CVE-2025-53770. According to Beaumont, the threat actors remained within the network for over a week before putting sensitive data up for sale on the dark web.

A Ransom Demand

A WarLock affiliate, identified only by the pseudonym "cnkjasdfgd," has claimed responsibility for the breach and offered 1 million stolen documents for $200,000. The documents, which include financial, employee, customer, and internal data, are reportedly being sold on the Ramp cybercrime forum.

A Response from Colt

Colt has acknowledged the breach and is working to restore disrupted systems. In a statement released on August 21, 2025, the company confirmed that it had taken steps to contain and investigate the issue. "We are now aware that the threat actor has accessed certain files that may contain data related to our customers," the statement reads. "Our immediate priority is to determine the precise nature of the files and what information they contain."

A Call to Action

As the situation continues to unfold, Colt's customers are urged to remain vigilant and take steps to protect themselves from potential data breaches. The incident highlights the importance of robust cybersecurity measures and the need for businesses to prioritize their online security.