Google warns executives of mass extortion emails citing Oracle app data theft
Extortion emails claim Oracle E-Business Suite data theft, Google urges caution as verification continues.

- Oct 3, 2025
- Updated Oct 3, 2025 12:53 PM IST
Alphabet’s Google says a wave of extortion emails is targeting executives across multiple companies, with senders claiming to have stolen sensitive information from Oracle business applications. Google said the campaign references Oracle E-Business Suite and is being conducted at scale, but the company has not verified the intruders’ claims.
In a statement, Google noted that a group asserting an affiliation with the cl0p ransomware gang is behind the outreach. The company added that it “does not currently have sufficient evidence to definitively assess the veracity of these claims.” Google did not disclose how many organisations were contacted or what data was allegedly taken. Oracle did not immediately respond to requests for comment.
Security researchers say the shakedown demands are steep. Cynthia Kaiser, who heads Halcyon’s Ransomware Research Center, said her firm has seen extortion asks “ranging from millions to tens of millions of dollars, with the highest coming in at $50 million.” Kaiser said attribution remains murky, noting overlap among criminal crews and frequent copycat activity. “There’s so much overlap amongst all these groups, and there are copycats across the ecosystem,” Kaiser said.
The cl0p brand, which has been linked to several large-scale data theft and extortion operations, did not clarify its role. In an email to Reuters, the group said the hackers were “not prepared to discuss details at this time.”
Incident responders advise recipients of such emails to avoid engaging with the senders, preserve evidence for investigators, and coordinate with internal security teams and law enforcement. Organisations using Oracle E-Business Suite are also urged to review access logs, check for anomalies, and verify that the latest patches and identity protections are in place.
