Alphabet’s Google has raised the alarm over a wave of extortion attempts targeting corporate leaders, with attackers claiming they have accessed confidential information from Oracle business software.
In a public notice, Google explained that emails are being sent by individuals identifying themselves as linked to the ransomware group cl0p.
According to the company, the messages are directed at “executives at numerous organizations claiming to have stolen sensitive data from their Oracle E-Business Suite.”
Google clarified that it cannot confirm the truth behind the hackers’ assertions. The company stressed that it “does not currently have sufficient evidence to definitively assess the veracity of these claims.”
Although requests for feedback were sent to both Oracle and cl0p, neither has issued a response so far. Google further characterized the activity as a “high-volume” email campaign but chose not to disclose additional technical details about the incidents.
Related story: Cyber Threat Data Sharing at Risk as Key U.S. Law Nears Expiration
A New Tactic in Ongoing Ransomware Campaigns
Security analysts note that groups like cl0p have increasingly turned to data theft and threats of exposure as a means to pressure victims, rather than solely relying on file-encrypting ransomware.
By specifically targeting executives with intimidation emails, attackers attempt to exploit reputational fears and push organizations into negotiations or payments.
The focus on Oracle’s widely used E-Business Suite is particularly concerning. Many enterprises rely on the platform for financials, procurement, supply chain, and human resource management.
Even unverified claims of a breach can create uncertainty for business leaders who fear reputational harm, regulatory scrutiny, or disruption of operations.
While Google did not reveal which industries or regions may have been most affected, the broad wording of its statement suggests the campaign is not confined to a single sector.
The emphasis on volume also indicates that the emails are being distributed widely, with the intent of maximizing fear and confusion.
For now, Google’s warning functions as both a caution and a call for vigilance.
Organizations that use Oracle products are being advised by cybersecurity experts to strengthen monitoring, train executives to recognize social engineering attempts, and avoid engaging directly with extortionists.
This incident is another reminder that cybercriminal groups often exploit uncertainty. By sowing doubt and leveraging threats, they aim to push decision-makers into rash responses.
Whether or not the cl0p group truly possesses the data it claims, the campaign highlights the ongoing pressure organizations face from highly adaptive ransomware networks.
Read next: WestJet Reports Cybersecurity Breach Exposing Passenger Information in Canada