Google is warning that the notorious Clop ransomware gang is flooding executive inboxes with extortion demands after claiming to have breached Oracle E-Business Suite installations. The hackers started their campaign on September 29, targeting "numerous" large organizations with threats backed by alleged stolen data from Oracle's widely used enterprise software. While Google hasn't confirmed the breach claims, the attackers are already demanding ransoms as high as $50 million.
The corporate world just got a harsh reminder that no enterprise software is immune from ransomware attacks. Google's cybersecurity teams are tracking an active extortion campaign where the Clop ransomware gang is directly targeting C-suite executives with claims they've compromised Oracle E-Business Suite installations.
Genevieve Stark, Google's head of cybercrime analysis, confirmed to TechCrunch that the campaign launched around September 29, with hackers sending personalized threats to executives at "numerous" large organizations. What makes this particularly concerning isn't just the scale; it's the sophistication of the attack vector.
According to Charles Carmakal, CTO of Google's Mandiant incident response unit, the malicious emails aren't random phishing attempts. They contain contact addresses directly lifted from Clop's data leak site, the same platform the gang uses to publicly shame victims into paying ransoms. This suggests the hackers have already accessed substantial amounts of corporate data and are now leveraging it for targeted extortion.
The financial stakes are enormous. Bloomberg reported that in at least one case, the attackers demanded $50 million from an affected company, a figure that underscores both the value of the stolen data and Clop's confidence in its position.
Clop has earned its reputation as one of the most prolific ransomware operations globally, responsible for breaching hundreds of companies through zero-day vulnerabilities: previously unknown security flaws that give the gang unprecedented access before patches exist. Its track record includes mass-hack campaigns that have exposed data on tens of millions of people, making it a household name in cybersecurity circles.
The attack methodology reveals a troubling evolution in ransomware tactics. Rather than encrypting systems and demanding payment for decryption keys, Clop is focusing on pure data extortion. According to Bloomberg's sources, the hackers exploited compromised user emails and abused Oracle's default password-reset function to gain legitimate credentials for Oracle E-Business Suite portals accessible from the internet.