Oracle announced on Thursday that users of its E-Business Suite have “received extortion emails,” backing up an alert issued the day before by Alphabet’s Google.
The company shared the update in a blog post, noting that its internal review pointed to attackers potentially exploiting older, known software flaws. As part of its advisory, Oracle urged its clients to apply upgrades to secure their systems.
When pressed, the company did not provide details on how many organizations might be impacted.
Google, which first flagged the campaign, described the activity as “high volume” but refrained from disclosing further specifics.
Rising Extortion Demands and Group Behind the Attacks
Cynthia Kaiser, who leads the Ransomware Research Center at Halcyon, told Reuters that her team has observed ransom demands reaching extraordinary sums.
According to her, the amounts ranged from millions into the tens of millions of dollars, with the steepest demand hitting $50 million.
In a separate exchange with Reuters, the ransomware collective Google has linked to the extortion scheme, known as cl0p, placed blame directly on Oracle, stating the company had “bugged up.” The group added: “We not prepared to discuss details at this time.”
Despite the admission, little is known about cl0p’s members or its physical base of operations. However, researchers in the cybersecurity field have repeatedly classified the collective as either Russian-speaking or associated with Russian networks.
Cl0p operates on the ransomware-as-a-service model, renting out its digital tools and infrastructure to other cybercriminals in exchange for a share of the profits.
This business-like approach has allowed the group to expand its reach and influence within the cybercrime economy.
Japanese cybersecurity company Trend Micro has previously characterized cl0p as “a trendsetter for its ever-changing tactics,” highlighting the group’s ability to evolve in response to defensive measures taken by businesses and governments alike.
The coordinated warnings from both Google and Oracle underline the seriousness of the threat. With attackers continuing to refine their methods and push for larger financial gains, companies relying on widely used enterprise software suites remain prime targets.
The message from experts is consistent: upgrading systems and closing known vulnerabilities are essential steps in defending against ransomware groups like cl0p.