- Embargo, a new ransomware group, is responsible for over $34 million in crypto ransom payments since April 2024.
- The group has attacked vital sectors in the United States, including hospitals and pharmaceutical companies.
- Investigators from TRM Labs found similarities and possible links between Embargo and the former BlackCat (ALPHV) ransomware group.
- Embargo is holding nearly $19 million in inactive cryptocurrency, which may be used to avoid immediate detection or for future laundering.
- The UK plans to ban ransomware payments for public sector bodies and enforce new reporting requirements for ransomware attacks.
A ransomware group known as Embargo has quickly gained attention in the cybercrime world after moving more than $34 million in cryptocurrency from ransom payments beginning in April 2024. The group uses a ransomware-as-a-service model, enabling affiliates to launch attacks and share profits.
According to investigators at TRM Labs, Embargo has targeted critical infrastructure across the United States. Organizations hit include American Associated Pharmacies, Memorial Hospital and Manor in Georgia, and Weiser Memorial Hospital in Idaho. Ransom demands have reached up to $1.3 million.
TRM Labs’ research suggests Embargo may have ties to, or be a rebranded version of, the notorious BlackCat (ALPHV) hacking group, which vanished after reports of an exit scam earlier in the year. The two groups show technical similarities, such as using the Rust programming language, running nearly identical data leak sites, and sharing wallet infrastructure that is visible on the blockchain.
About $18.8 million of Embargo’s cryptocurrency remains untouched in unaffiliated wallets, possibly to delay law enforcement detection or to take advantage of better laundering opportunities later, according to experts. The group obscures ransom payments through layers of intermediary wallets and high-risk exchanges. Services such as Cryptex.net, a sanctioned platform, were used to transfer more than $1 million, and over $13.5 million moved through virtual asset service providers between May and August.
Embargo focuses on sectors where downtime leads to large financial losses, including healthcare and manufacturing. The group has used double extortion tactics: encrypting data, then threatening to leak sensitive information if ransoms are not paid. In some cases, they have named individuals or posted data online to add pressure.
Planned changes in the UK include banning ransomware payments in the public sector and requiring prompt reporting of intended ransom payments. Victims not covered by the ban will need to inform the government within 72 hours of an attack, followed by a detailed report within 28 days.
According to a report from Chainalysis, ransomware attacks dropped by 35% last year, marking the first decline in ransomware revenue since 2022.