- Cl0p ransomware gang leaked Post data after allegedly refusing to pay ransom
- Oracle E-Business Suite zero-day exploited to breach over 100 companies, including The Washington Post
- Other victims include Harvard, Schneider Electric; law enforcement agencies warn against ransom
We can now add Washington Post to the growing list of companies hacked via the apparent security issues with some Oracle business software.
In early October 2025, news broke that hackers emailed executives at various organizations across the United States, warning them that they were stealing their sensitive files through Oracle E-Business Suite systems, and demanding a ransom in exchange for deleting the stolen files.
Subsequent investigations revealed that Oracle’s software carried a remote code execution (RCE) zero-day in versions 12.2.3-12.2.14. It was also later reported that the attacks occurred months before Oracle released a patch and that “dozens” of companies were affected. These “dozens” grew to “more than a hundred”. Two hacking collectives are being linked to this campaign – financially motivated FIN11 and the notorious Cl0p ransomware gang.
No evidence of abuse
Posten has now issued a statement confirming that it was also a victim of the attack.
At the same time, Cl0p added The Washington Post to its data leak site, stating that the company “ignored their security,” meaning, according to TechCrunch, that it decided not to pay the ransom demand. We don’t know how much money Cl0p asked for from the Post, but previous reports claimed that one victim was asked for $50 million.
News of Oracle-related hacks has been circulating for some time, and several other high-profile companies were confirmed to have been affected, including Harvard University, Schneider Electric, Pan American Steel and Cox Enterprises.
The full list of victims is not publicly available, and probably never will be. There is a good chance that some of the victims will pay the ransom demand and never be listed on Cl0p’s data leak page.
Law enforcement usually discourages paying the ransom demand, saying it motivates the threat actors to carry out even more attacks and gives them the means to continue operating.
Via TechCrunch
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
