- Cl0p ransomware gang leaked Post data after alleged refusal to pay ransom
- Oracle E-Business Suite zero-day exploited to breach over 100 companies, including The Washington Post
- Other victims include Harvard, Schneider Electric; law enforcement warns against ransom payments
We can now add The Washington Post to the growing list of companies hacked via the apparent security issues with some Oracle business software.
In early October 2025, news broke that hackers were mailing executives at various organizations across the United States, warning them that they stole their sensitive files through Oracle E-Business Suite systems, and demanding a ransom payment in exchange for deleting the stolen files.
Subsequent investigations determined Oracle’s software carried a remote code execution (RCE) zero-day in versions 12.2.3-12.2.14. It was later also reported that the attacks were happening months before Oracle released a patch, and that “dozens” of companies were hit. Those “dozens” grew to “more than a hundred”. Two hacking collectives are being linked to this campaign - financially-motivated FIN11, and the infamous Cl0p ransomware gang.
No evidence of abuse
The Post has now issued a statement confirming it, too, fell prey to the attack.
At the same time, Cl0p added The Washington Post to its data leak site, stating that the company “ignored their security” which, according to TechCrunch, means it decided not to pay the ransom demand. We don’t know how much money Cl0p asked from the Post, but earlier reports claimed that one victim was asked for $50 million.
News of Oracle-related hacks have been coming in for some time, with multiple other high-profile companies were confirmed to have been hit, including Harvard University, Schneider Electric, Pan American Steel, and Cox Enterprises.
The full list of victims is not publicly available, and probably never will be. There is a good chance that some of the victims will pay the ransom demand and never be listed on Cl0p’s data leak site.
Law enforcement usually advises against paying the ransom demand, saying that it motivates the threat actors to mount even more attacks, and gives them the funds needed to continue operating.
Via TechCrunch
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
