A feared ransomware, already active in over 400 organizations worldwide
Since its emergence in June 2025, Warlock has established itself as one of the most feared threats in the cybercriminal ecosystem. Its specialty: exploiting critical Microsoft SharePoint vulnerabilities to infiltrate networks, exfiltrate sensitive data and launch large-scale encryption campaigns.
Already associated with several Chinese cybercriminal groups, Warlock has its own data leak site (DLS) and has compromised over 400 organizations worldwide, including Orange and Colt Technology Services.
Download the full report and discover:
Warlock's detailed modus operandi and intrusion techniques
The critical vulnerabilities exploited in SharePoint and Veeam
The tools used for persistence, exfiltration and encryption
Concrete technical indicators for your SOC teams
Best practices and defensive measures to contain its attacks
This first CTI report from the NEVERHACK Incident Response team provides an exclusive analysis of Warlock's tactics and the defense measures to activate immediately.