Oracle Confirms Hackers Targeting Customers With Extortion Emails

Oracle has confirmed that hackers are attempting to extort its customers through a widespread cyber campaign, in which users of its E-Business Suite have received threatening emails demanding massive ransoms.

The company issued a blog post on Thursday acknowledging that attackers may have exploited previously known software vulnerabilities and urged all clients to upgrade immediately. The disclosure follows a warning from Google earlier this week, which described the campaign as “high volume.”

Extortion Demands Up to $50 Million

Cybersecurity experts say the ransom demands vary widely. Cynthia Kaiser, head of Halcyon’s Ransomware Research Center, told Reuters that her team had observed extortion requests ranging from millions of dollars to as high as $50 million.

The campaign has been linked to the ransomware group known as cl0p, which responded to Reuters by saying Oracle had “bugged up,” but declined to provide further details.

Who Is Behind cl0p?

Cl0p is a Russia-linked ransomware-as-a-service group that rents out its hacking tools and infrastructure to other cybercriminals in exchange for a share of profits. Japanese cybersecurity firm Trend Micro has previously described cl0p as “a trendsetter for its ever-changing tactics,” noting its adaptability in finding new ways to pressure victims.

Scope Still Unclear

Neither Oracle nor Google has confirmed how many customers have been targeted or whether any payments have been made. Oracle declined to respond to media inquiries about the scale of the incident.

The E-Business Suite, one of Oracle’s flagship enterprise platforms, is used globally by corporations for finance, supply chain, and human resources functions, raising concerns about the potential reach of the campaign.

Broader Cybersecurity Concerns

The attack highlights the growing trend of ransomware operators moving from simply encrypting systems to direct extortion of corporate clients. Experts say that such tactics aim to maximize financial leverage while avoiding the immediate technical hurdles of system disruption.

As Oracle’s investigation continues, cybersecurity analysts warn that this incident underscores the urgent need for enterprises to patch vulnerabilities promptly, improve detection systems, and prepare response strategies for extortion threats.

Photo Credit: DepositPhotos.com