Google is warning that the notorious Clop ransomware gang is flooding executive inboxes with extortion demands after claiming to have breached Oracle E-Business Suite installations. The hackers started their campaign on September 29, targeting "numerous" large organizations with threats backed by alleged stolen data from Oracle's widely-used enterprise software. While Google hasn't confirmed the breach claims, the attackers are already demanding ransoms as high as $50 million.
The corporate world just got a harsh reminder that no enterprise software is immune from ransomware attacks. Google's cybersecurity teams are tracking an active extortion campaign where the Clop ransomware gang is directly targeting C-suite executives with claims they've compromised Oracle E-Business Suite installations.
Genevieve Stark, Google's head of cybercrime analysis, confirmed to TechCrunch that the campaign launched around September 29, with hackers sending personalized threats to executives at "numerous" large organizations. What makes this particularly concerning isn't just the scale - it's the sophistication of the attack vector.
According to Charles Carmakal, CTO of Google's Mandiant incident response unit, the malicious emails aren't random phishing attempts. They contain contact addresses directly lifted from Clop's data leak site, the same platform the gang uses to publicly shame victims into paying ransoms. This suggests the hackers have already accessed substantial amounts of corporate data and are now leveraging it for targeted extortion.
The financial stakes are enormous. Bloomberg reported that in at least one case, the attackers demanded $50 million from an affected company - a figure that underscores both the value of the stolen data and Clop's confidence in their position.
Clop has earned its reputation as one of the most prolific ransomware operations globally, responsible for breaching hundreds of companies through zero-day vulnerabilities - previously unknown security flaws that give them unprecedented access before patches exist. Their track record includes mass-hack campaigns that have exposed data on tens of millions of people, making them a household name in cybersecurity circles.
