Colt UK Recovery from Ransomware Attack

Colt UK Telco’s Recovery From Cyberattack to Stretch Into November

The420.in Staff

Colt Technology Services has revealed that its recovery from a severe cyberattack, initiated on August 12, is expected to drag on until late November. The telco was hit by the Warlock ransomware group, which disrupted many of its internal and customer-facing systems. Even weeks after the breach, vital services are still offline or partially affected.

What’s Still Down & What’s Being Restored

While Colt has managed to bring its network infrastructure back online, several important platforms remain unavailable. These include its customer portal, network-as-a-service portal, and multiple hosting APIs. The billing systems are also impacted, preventing the issuance of new invoices in many cases. Direct debit payment collection is delayed for some customers, though contractually agreed payment methods are still active. Colt reports that foundational recovery work has been mostly completed, and that greater priority is being given to core systems.

Colt engaged external cybersecurity experts to examine its business support system (BSS) and operational support system (OSS). Their investigation and penetration tests found no indication that the OSS was compromised. However, several customer platforms and portals remain down, and service restoration is being approached in phases to ensure security and stability.

Data Breach & Regulatory Fallout

The Warlock group claims responsibility for the attack and has posted about it on its data leak site. Colt’s allegedly stolen data is reportedly being auctioned, though what exactly has been stolen has not yet been made fully public. Observers believe this may be part of a “double extortion” strategy, where attackers both encrypt or disable systems and threaten to release sensitive data if their demands are not met.

Colt has notified regulatory, law enforcement, and cybersecurity bodies in at least 27 countries, filing more than 75 reports. Meanwhile, customers are being kept informed through service status updates and weekly reports on recovery progress. Although some systems are functional, many customer-facing functions remain disrupted.
