Google has issued a warning after detecting a wave of extortion emails targeting executives at multiple organizations. These emails, allegedly sent by cybercriminals linked to the notorious Clop ransomware gang, claim to have stolen sensitive data from the victims’ Oracle E-Business Suite applications. The attackers demand large ransoms, at times reaching up to $50 million, threatening to leak financial, supply chain, and customer data unless paid.
While Google and cybersecurity teams are actively investigating, they caution that there is not yet enough evidence to confirm the legitimacy of the hackers’ claims. In several instances, the extortionists provided screenshots and file directories as supposed proof of compromise, raising alarm among targeted businesses.
Oracle acknowledged the extortion campaign and revealed that some customer systems may be vulnerable due to flaws patched in its July 2025 Critical Patch Update. The company is urging all customers to immediately apply the latest security updates to reduce risk.
The Cl0p group, known for high-profile zero-day exploits and massive data breaches worldwide, reportedly exploited weaknesses in user password resets and multi-factor authentication in Oracle’s systems. Cybersecurity experts advise organizations to treat these email extortion threats seriously, investigate for signs of unauthorized access, and bolster system defenses.
The campaign shows the rising sophistication and financial stakes of modern ransomware/extortion attacks—and highlights the importance of proactive security patching and vigilance by enterprise IT teams. Both Oracle and Google recommend that companies update software promptly and monitor their systems for signs of breach as the investigation continues.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
