Oracle Users Hit by cl0p Extortion Emails

Oracle has confirmed that some users of its E-Business Suite have received extortion emails from hackers — part of what experts are calling a high-volume ransomware campaign. The revelation came shortly after Alphabet’s Google issued a public warning about a series of widespread cyberattacks exploiting vulnerabilities in enterprise software.

In a blog post released Thursday, Oracle acknowledged that attackers may have leveraged already known flaws in its software and urged all customers to upgrade immediately. The company did not specify how many clients were affected.

Google, which first raised the alarm on Wednesday, described the campaign as “high volume” but provided no further details.

Ransom Demands Reach Tens of Millions

Cybersecurity experts suggest that the attacks are financially motivated and potentially severe. Cynthia Kaiser, head of Halcyon’s Ransomware Research Center, told Reuters that her team has seen ransom demands ranging from several million to as high as $50 million. These figures suggest that attackers may be targeting large enterprise environments with the assumption that downtime and data loss would compel rapid payouts.

The extortion campaign is reportedly linked to the cl0p ransomware group — a well-known collective operating under the ransomware-as-a-service (RaaS) model. In response to a Reuters inquiry, cl0p issued a cryptic statement: “We not prepared to discuss details at this time,” but confirmed that Oracle had “bugged up.”

Who Is cl0p?

Cybersecurity researchers have long associated cl0p with Russian-speaking or Russia-linked cybercrime networks. The group is notorious for its evolving tactics, which include exploiting zero-day vulnerabilities and outsourcing attack infrastructure to affiliates. Japanese firm Trend Micro has described cl0p as “a trendsetter for its ever-changing tactics.”

As a RaaS operator, cl0p enables other threat actors to rent its malware and infrastructure in exchange for a percentage of ransom payments. This model has made the group especially effective and difficult to track.

Oracle Urges Customers to Patch Vulnerabilities

Oracle emphasized that affected clients should immediately install the latest patches and review their security protocols. While the full extent of the breach remains unclear, the company’s prompt confirmation of the extortion emails suggests a potentially wide-reaching campaign targeting enterprise users globally.

In a cybersecurity landscape where sophisticated groups like cl0p exploit every available vulnerability, Oracle’s call to action serves as a reminder for enterprises to maintain up-to-date defenses.
