Numerous US executives hit by ransomware in significant attack, Google alerts

Massive Ransomware Campaign Targets US Business Executives

Hackers associated with well-known ransomware groups have launched a significant campaign against US business executives, as reported by Google on Thursday. This operation has been underway since last month, impacting numerous organizations.

According to Google researchers, these attackers are linked to the notorious “Clop” ransomware gang. They have been sending alarming emails, contributing to what is characterized as an extensive series of attacks.

It’s unclear if any companies have responded to the ransom demands or if they paid to restore their data after the attacks.

In the threatening emails, the hackers assert they stole information via Oracle’s widely used business management application aimed at corporate clients. The situation reportedly began around September 29, as noted by Genevieve Stark, director of cybercrime at Google Threat Intelligence Group.

Stark added that the analysis suggests the hackers are targeting organizations opportunistically rather than zeroing in on a specific sector. This behavior aligns with previous activities connected to the CL0P data leak site.

Oracle did not immediately respond to requests for comment.

Security firm Halcyon claims the hackers have demanded ransoms reaching up to $50 million, providing screenshots as evidence of their breaches. This claim follows the monitoring of the hacking efforts, as reported by Bloomberg.

Cynthia Kaiser, vice president of Halcyon’s Ransomware Research Center, mentioned, “CL0P has been asking for substantial seven- and eight-digit ransoms recently.” She highlighted the group’s reputation for significant stealthy data theft, which increases their leverage during negotiations.

Google added that there isn’t enough reliable evidence at this time to assess the veracity of the claims made by the hackers. Notably, at least one email address used in the attacks has been linked to previous hacker activity.

Google confirmed that the malicious emails include contact information that appears on the CLOP Data Leak Site (DLS). This might indicate a direct connection to CLOP, leveraging their brand recognition.

The emails reportedly carry the distinct hallmarks of Clop’s previous communications, including awkward language and grammar.

This hacker group’s prior campaigns in 2023 had already resulted in breaches affecting major companies like British Airways and the BBC.

In June 2023, the US Cybersecurity & Infrastructure Security Agency (CISA) labeled CLOP as one of the largest distributors of phishing and malspam worldwide.

During its activities, the group was estimated to have impacted thousands of organizations, both in the US and globally.
