"At the time of writing, Cl0p has not named any specific NHS bodies or leaked any organisational or patient data. Nor have there been any outward-facing signs of a classic ransomware attack, such as IT outages or service disruptions, although Cl0p is among a number of cyber gangs known to conduct attacks that do not result in data encryption, preferring instead to stick to theft and extortion."
"However, the NHS appears alongside other names, one of which, US newspaper The Washington Post, has confirmed that it fell victim to a Cl0p attack orchestrated via two distinct vulnerabilities in Oracle's E-Business suite, patched earlier in the autumn. NHS England's digital teams published an advisory notice covering the Oracle bugs - CVE-2025-53072 and CVE-2025-62481 - on 23 October. In a statement circulated to media, an NHS England spokesperson confirmed there was a live investigation in progress, although they made no mention of ransomware or the Cl0p gang specifically."
NHS England is investigating a possible compromise after the Cl0p gang posted on its dark web leak site on 11 November claiming to have hit NHS systems. Cl0p has not identified any specific NHS bodies or published organisational or patient data. No outward signs of classic ransomware — such as outages or disruptions — have been observed, and Cl0p commonly pursues theft and extortion rather than encryption. NHS England published an advisory on Oracle E-Business Suite vulnerabilities CVE-2025-53072 and CVE-2025-62481 on 23 October. The Washington Post confirmed exploitation of those bugs in a Cl0p attack. NHS cyber teams are investigating with the NCSC.
#ransomwareextortion #cl0p-gang #oracle-e-business-vulnerabilities-cve-2025-53072-cve-2025-62481 #nhs-cybersecurity
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]