Colt confirms customer data stolen as Warlock ransomware crew auctions off details

  • Colt has updated its status page to confirm data exfiltration
  • It is currently looking into the type of information stolen
  • Warlock is selling the archives for $200,000

Colt Technology Services has confirmed sensitive customer data was stolen in a recent cyberattack, and is now being sold online.

Customers of the UK telco firm recently complained after not being able to access some of its services, and soon after, the company said it was being forced to shut down parts of its infrastructure due to an ongoing attack.

At the time, the company did not discuss the identity of the attackers, or if they stole any files, but now a ransomware group known as Warlock has claimed to be behind the attack, and has already started selling a database with a million files on the dark web, for $200,000.

Attacking SharePoint servers

Now, Colt seems to have confirmed these reports, at least in part.

“Through our extensive investigation, we have determined that some data has been taken,” an updated announcement says. “Our priority is to determine at pace the precise nature of the data that is impacted and notify any affected parties.”

Warlock claims the archives contain financial information, network architecture data, and customer information. If these claims turn out to be true, the archive is a true treasure trove for criminals who can use it for phishing, identity theft, and even wire fraud.

Colt’s customers are reportedly able to request a list of filenames posted on the dark web from the dedicated call center.

Warlock is a Chinese group that deploys LockBit’s Windows encryptor and Babuk’s VMware ESXi encryptor in its attacks.

Experts believe the attackers most likely went for Colt’s SharePoint servers, which have proved attractive targets for hackers in recent times. Some of these servers were pulled offline after, most likely, being infected with a web shell - and Colt seems to have placed firewalls in front of those servers following the attack.
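As an added example (not code from the article, from Colt or from BleepingComputer): a small triage script that reads IIS W3C logs from a SharePoint web front end and flags requests to `.aspx` pages that are not in a known-good baseline. Checking for a page name that should not exist, served with a 2xx status and hit mostly by unauthenticated POSTs from few clients, is one of the first checks a defender runs when deciding whether a server has a dropped web shell and needs to be pulled offline. The log lines, the page name `sync_helper.aspx`, the client addresses and the `KNOWN_ASPX` baseline are all constructed for this example; a real baseline is generated from a clean reference install at the same patch level, not typed by hand.

```python
"""Triage IIS W3C logs from a SharePoint front end for unexpected .aspx pages.

Added example. Assumes the default IIS W3C field layout (a '#Fields:' header
names the columns) and a baseline set of legitimate page names.
"""
from collections import defaultdict

# Constructed baseline: lowercased page names that legitimately exist under
# /_layouts/ on this server. In practice this is produced from a clean build.
KNOWN_ASPX = {"start.aspx", "upload.aspx", "viewlsts.aspx", "settings.aspx"}

# Constructed sample log. The client 203.0.113.7, 198.51.100.9 and the page
# name "sync_helper.aspx" are made up for this example.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-08-12 10:01:02 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 200
2025-08-12 10:01:05 10.0.0.5 POST /_layouts/15/upload.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 200
2025-08-12 10:01:09 10.0.0.5 POST /_layouts/15/sync_helper.aspx - 443 - 203.0.113.7 python-requests/2.31 200
2025-08-12 10:02:11 10.0.0.5 POST /_layouts/15/sync_helper.aspx - 443 - 203.0.113.7 python-requests/2.31 200
2025-08-12 10:02:30 10.0.0.5 GET /_layouts/15/sync_helper.aspx - 443 - 198.51.100.9 curl/8.4.0 200
2025-08-12 10:03:14 10.0.0.5 GET /_layouts/15/viewlsts.aspx - 443 CORP\\bob 10.0.1.21 Mozilla/5.0 200
2025-08-12 10:03:20 10.0.0.5 GET /_layouts/15/settings.aspx - 443 CORP\\bob 10.0.1.21 Mozilla/5.0 404
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign columns
        yield dict(zip(fields, parts))


def find_suspicious_aspx(text, known=KNOWN_ASPX):
    """Return {uri_stem: summary} for .aspx pages outside the baseline that
    were actually served (2xx). Summary counts methods, distinct clients and
    POSTs with no authenticated user, the pattern a web shell typically shows."""
    hits = defaultdict(lambda: {"methods": set(), "clients": set(), "unauth_posts": 0})
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(".aspx"):
            continue
        name = stem.rsplit("/", 1)[-1]
        if name in known or not rec["sc-status"].startswith("2"):
            continue
        summary = hits[stem]
        summary["methods"].add(rec["cs-method"])
        summary["clients"].add(rec["c-ip"])
        if rec["cs-method"] == "POST" and rec["cs-username"] == "-":
            summary["unauth_posts"] += 1
    return dict(hits)


if __name__ == "__main__":
    for stem, s in find_suspicious_aspx(SAMPLE_LOG).items():
        print(f"{stem}: methods={sorted(s['methods'])} "
              f"clients={sorted(s['clients'])} unauth_posts={s['unauth_posts']}")
```

On the constructed log this flags only `/_layouts/15/sync_helper.aspx`: two unauthenticated POSTs and one GET from two external addresses. A 404 to an unknown page is deliberately ignored, since scanners generate those constantly; a page that does not belong on the server yet answers 200 is what matters. The hit list is a starting point for a file-system check of the flagged path and its modification time, not a verdict on its own.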

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
