Google warns of high-volume extortion emails targeting executives over alleged Oracle data theft
Google says a wave of extortion emails is hitting corporate executives across multiple companies. The senders claim—without verified proof—to have stolen sensitive data from targets’ Oracle E-Business Suite environments. Google characterizes the campaign as “high volume” but says it lacks sufficient evidence to confirm the hackers’ claims.
The emails purport to come from actors affiliated with the Cl0p ransomware ecosystem. Attribution remains uncertain: some researchers see early indicators of a Cl0p link, while others note extensive overlap and copycat behavior among ransomware groups. Cl0p, in a message to Reuters, declined to provide details.
Oracle did not immediately comment. Meanwhile, Halcyon’s Ransomware Research Center reports observed demands ranging from several million dollars to as high as $50 million.
The campaign underscores a broader trend: threat actors leveraging claims of enterprise application compromise to pressure executives directly—banking on reputational risk and fear of operational disruption even when technical evidence is thin.