How will the Oracle E-Business Suite Ransomware affect your business?
BankInfoSecurity.com reported that “Digital extortionists are shaking down executives at organizations that use Oracle E-Business Suite, claiming to have stolen their sensitive data, warn multiple cybersecurity firms.” The October 2, 2025 article entitled “Extortionists Claim Mass Oracle E-Business Suite Data Theft” (https://tinyurl.com/2jmwdawt) included these comments:
Google said its Mandiant incident response group is probing the "high-volume email campaign" by a group that claims to be affiliated with the Clop - aka Cl0p - ransomware operation. The emails, sent to many different organizations, claim attackers stole data from their Oracle enterprise applications.
Oracle didn't immediately respond to a request for comment.
Oracle E-Business Suite comprises everything from enterprise resource planning and customer relationship management, to human resources and supply chain management software.
Cybersecurity firm Halcyon said it's also responding to this campaign and that the attackers appear to have wielded stolen user credentials together with a password-reset feature in internet-facing E-Business Suites to gain access to victims' portals.
"We have seen Cl0p demand huge seven and eight-figure ransoms in the last few days," including in one case a $50 million shakedown, Cynthia Kaiser, senior vice president at Halcyon's ransomware research center, told Bloomberg.
Unlike past Clop attacks, these don't appear to be exploiting a zero-day vulnerability. "This group appears to be abusing configurations, not exploiting vulnerabilities," Kaiser told Information Security Media Group. "Cl0p typically goes after huge numbers of victims so it is urgent that organizations check their systems today."
Bad news for Oracle!