11 August 2025
Ransomware Group Embargo Accumulates $34.2 Million Since April 2024
The ransomware group Embargo has generated at least $34.2 million since April 2024, according to TRM Labs.
- Embargo may be a rebranding of the BlackCat (ALPHV) operation based on infrastructure and coding similarities.
- It operates under a ransomware-as-a-service model, targeting U.S. healthcare, manufacturing, and business services.
- Ransom demands have reached $1.3 million, with victims including American Associated Pharmacies and several regional hospitals.
- TRM traced links between Embargo and historical BlackCat wallets, indicating continuity in operations.
- Funds are moved through intermediary wallets into high-risk exchanges, with $13 million reaching global virtual asset service providers (VASPs) and $18.8 million remaining in unattributed wallets.
- Embargo uses double extortion tactics, combining file encryption with data theft threats.
- The group is reportedly experimenting with AI to enhance phishing campaigns and reconnaissance speed.
- Targeting U.S. healthcare aligns with a broader trend in ransomware strategy focusing on public safety risks.
- If Embargo is indeed linked to BlackCat, it reflects ongoing efforts to maintain affiliate networks while avoiding law enforcement scrutiny.