Attacks possibly started a lot earlier than previously thought
Cl0p ransomware exploited Oracle E-Business Suite, demanding payment from affected organizations
Google says attacks began in July–August, before Oracle released a patch for the zero-day
FIN11 may be involved, either collaborating with Cl0p or inspiring the extortion campaign
The recent Oracle E-Business Suite cyberattack may have affected dozens of organizations around the world, as Google’s researchers shed more light on the currently active extortion campaign.
News recently broke of numerous executives across American organizations receiving emails apparently originating from the Cl0p ransomware gang. In the emails, the miscreants said they stole sensitive files from the company’s Oracle E-Business Suite systems and asked for payment in exchange for deleting the files.
Initial reports suggested that the campaign may have been a bluff, but a few days later Oracle released a patch, addressing a zero-day vulnerability.
