Skip to main content
JS
Jacob Santos

Jacob Santos

Threat Hunter, Researcher and Builder

Sr. Threat Researcher | Trend AI
17
Articles
14
Threads
10+
Tools
10+
Talks
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
Trend AI Research Blog Aug 2025

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware

RansomwareDefense Evasion

Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain initial access, then escalates privileges, steals credentials, moves laterally, and deploys ransomware with data exfiltration across enterprise networks. This research traces the complete attack chain from SharePoint compromise to domain-wide encryption, documenting the specific tools and techniques used at each stage. The campaign demonstrates how a single unpatched web application can lead to full enterprise compromise.